On 03/01/2010 07:54 PM, Thomas H. George wrote:
Any suggestions?
Tom
Yes I have one. Whatever book you are using, burn it then shoot it!
Without looking at the query, it is most likely failing because you are
inserting un-escaped data into your database.
So when you enter something like: G
I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails. The connection
commands in the second sript are identical as the first script was copied
from the first. Only the variable values have been changed.
#!/usr/bin/php
#
The f
ok, couple of things;
- if you're using user input in SQL queries, you have to push 'm
through a function that sanitizes the input against sql-insertions.
For now, let that be function antiSQLinsertion ($var) { return
mysql_real_escape($var); };
- if you're going to output values from the DB into
I am a newbie. The following script works but the second one (below)
loads the variables from an html form and then fails. The connection
command in the second sript are identical as the first script was copied
from the first. Only the variable values have been changed.
#!/usr/bin/php
#
The fol
4 matches
Mail list logo
