At 11:57 15-1-03, Marek Kilimajer wrote:
I think that that is a really bad advice."SELECT Newsheadline, News, Contact FROM news WHERE Newsid = $_GET[id]";- removed single quotes
Let me explain.
For one, the single quotes are not in the way here because the query is written between double quotes.
Then, leaving out the single quotes like Marek suggests will only work because PHP is too programmer-friendly.
But the indexes of such arrays should always be quoted, because they are strings, and not the name of 'constant' values. If you do not quote them PHP will first try to look up whether you defined id somewhere, as a constant (with define ('id','value');). Which you did not, so PHP will fail to find it. Only then PHP will gently assume that since there is no constant defined with the name id, that you meant 'id'. Valuable processing time wasted for no reason.
Set error_reporting to ~E_ALL if you do not believe me.
I would support the $_POST suggestion by Jason.
Suggested reading: the 'PHP Bible'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
