Hello Edwin,
What do you mean by "SQL injection"...?
Thanks,
Dan
On Sunday, October 27, 2002, at 01:01 AM, @ Edwin wrote:
Hello,
Are you sure you want to do something like this?
This seems like a good candidate for an "SQL injection"...
(Well, I'm not really sure how you're doing it so I could be wrong.)
Just wondering...
- E
"Dan Tappin" <[EMAIL PROTECTED]> wrote:
I have a simple method of creating easy form processing.... I thought....
I came up with the idea (I am not claiming to be the first) to have form elements I want to update via MySQL starting with either "-" or "+".
Example:
+name=DAN
[EMAIL PROTECTED]
-notes=
id=1
The first 2 are required and will be updated, the 3rd is optional and will be updated and the 4th (id) is simply passed as form data.
The idea here is that I parse the $_POST variable to auto create a "UPDATE table SET name = 'Dan', email = '[EMAIL PROTECTED]' WHERE = 1" string for MySQL.
The issue is that if I use the "+" to indicate a required field for error trapping my $_POST array ends up like this:
+namD=AN
[EMAIL PROTECTED]
-notes=
id=1
Either this is a PHP / HTTP bug or I am up against some strange post naming restriction. I searched the web, the PHP site (including the bugs) and could not spot an obvious reference.
Any ideas out there?
Dan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
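Edwin's SQL injection concern applies to any code that turns $_POST keys and values directly into an UPDATE string. The following is an added example, not code from this thread: one way to keep the "+"/"-" prefix convention while binding values as parameters and allowlisting column names. The `contacts` table, the column list, the `id` key column and the sample input are assumptions.

```php
<?php
// Added example: parameterized UPDATE built from "+"/"-" prefixed form fields.
// Table name, column allowlist and sample input are assumptions, not from the thread.

const ALLOWED_COLUMNS = ['name', 'email', 'notes']; // hypothetical schema

/**
 * Returns [sql, params] suitable for PDO::prepare() and execute().
 * Keys: "+col" = required, "-col" = optional, anything else = ignored.
 * $table must come from application code, never from the request.
 */
function buildUpdate(string $table, array $post, int $id): array
{
    $set = [];
    $params = [':id' => $id];
    foreach ($post as $key => $value) {
        $key = (string) $key;
        $flag = $key[0] ?? '';
        if ($flag !== '+' && $flag !== '-') {
            continue; // plain form data such as "id"
        }
        $column = substr($key, 1);
        // Identifiers cannot be bound, so only exact allowlist matches are accepted.
        if (!in_array($column, ALLOWED_COLUMNS, true)) {
            throw new InvalidArgumentException("unexpected field: $column");
        }
        if (!is_string($value) || isset($params[":$column"])) {
            throw new InvalidArgumentException("malformed field: $column");
        }
        if ($flag === '+' && trim($value) === '') {
            throw new InvalidArgumentException("required field empty: $column");
        }
        $set[] = "$column = :$column";
        $params[":$column"] = $value; // the value travels as bound data, not SQL text
    }
    if ($set === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    return ["UPDATE $table SET " . implode(', ', $set) . ' WHERE id = :id', $params];
}

// Constructed sample input standing in for $_POST; note the quote in the name.
$post = ['+name' => "Dan O'Neil", '+email' => 'dan@example.com', '-notes' => '', 'id' => '1'];
[$sql, $params] = buildUpdate('contacts', $post, (int) $post['id']);
echo $sql, PHP_EOL;
print_r($params);
// With a PDO connection: $pdo->prepare($sql)->execute($params);
```

A submitted key that is not in the allowlist is rejected rather than copied into the statement, and the quote in the sample name never reaches the SQL text because it is passed as a bound parameter.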