None of the previous posts added any security...
They all ONLY provided different syntax to leave your database wide
open for abuse.
This is much safer:
$cat_name_sql = mysql_real_escape_string($_POST['cat_name']);
$query = "insert into categories (category_name) values
('$cat_name_sql')";
You c
thanks.
"Ross" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Can I put post values directly into insert statements?
>
> $query = "INSERT INTO categories (category_name) VALUES
> ('$_POST['cat_name'])";
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
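An added example, not code from the thread: the same categories insert run once with the value interpolated, as in the question, and once through a prepared statement. It uses PDO bound parameters rather than the mysql_real_escape_string() call recommended in the reply, because the mysql_* extension was removed in PHP 7. It assumes the pdo_sqlite extension and an in-memory database; the table layout and the sample value are constructed for illustration.

```php
<?php
// Added example; assumes PHP with the pdo_sqlite extension (in-memory database).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE categories (
    id INTEGER PRIMARY KEY,
    category_name TEXT NOT NULL
)');

// Constructed stand-in for $_POST['cat_name'].
// The single quote ends the SQL string literal early.
$cat_name = "Books'), ('extra row";

// 1. Interpolated, as in the question: the value becomes part of the SQL text,
//    so the statement the database parses carries a second value tuple.
$db->exec("INSERT INTO categories (category_name) VALUES ('$cat_name')");
$interpolated = $db->query('SELECT category_name FROM categories ORDER BY id')
                   ->fetchAll(PDO::FETCH_COLUMN);

$db->exec('DELETE FROM categories');

// 2. Prepared statement: the SQL text is fixed and the value is sent as data,
//    so quotes inside it are stored, never parsed.
$stmt = $db->prepare('INSERT INTO categories (category_name) VALUES (:name)');
$stmt->execute([':name' => $cat_name]);
$bound = $db->query('SELECT category_name FROM categories ORDER BY id')
            ->fetchAll(PDO::FETCH_COLUMN);

printf("interpolated rows: %d\n", count($interpolated));
foreach ($interpolated as $row) {
    printf("  [%s]\n", $row);
}
printf("bound rows: %d\n", count($bound));
printf("stored value identical to input: %s\n",
       $bound[0] === $cat_name ? 'yes' : 'no');
```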
By the way, beware of possibly buggy code:
strpos() will return 0 if the string begins with '-', but it will return
FALSE if '-' is not found in the string.
Since both 0 and FALSE will evaluate to boolean false in your condition, you
may get weird results.
Use this instead: (strpos($a, '-') !==
Thank you.
TR
If memory serves, $match will contain an array whose 0th element is the
entire string and whose 1st element contains whatever is matched in the
first (), 2nd element matches the second () and so on.
Check the manpage for more...
and when testing things like this out try adding the following for