Posted by J.O. Aho on 12/22/07 11:36
glyn@amethystmailing.co.uk wrote:
> Fantastic, thank you so much for the advice and rewriting the code,
> all working now.
It could be good to use addslashes() when you use a that is sent to the page;
this lessens the risk of SQL injections.
http://www.php.net/manual/en/function.addslashes.php
$indata=addslashes($_POST['client']);
$query="SELECT tbldocketref.jobno, tbljob_info.`job description`,
clients.Clientname, tbldocketref.group, tbldocketref.docketno,
DATE_FORMAT(tbldocketref.`mail date`, '%d/%m/ %Y') AS `Mail date`,
tblmsservice.name AS MS_Service, tblmailpieceformat.format AS Pack_Format,
tbldocketref.`qty mailsort`, tbldocketref.`qty std tarrif`,
tbldocketref.`qty os`, tbldocketref.`item weight`
FROM tbldocketref
LEFT JOIN tbljob_info on (tbldocketref.JobNo = tbljob_info.jobno)
LEFT JOIN clients on (tbldocketref.client = clients.clientid)
LEFT JOIN tblmailpieceformat on (tbldocketref.`mail piece format` =
tblmailpieceformat.`mailpiece id`)
LEFT JOIN tblmsservice on (tbldocketref.`ms service if app` =
tblmsservice.serviceid)
WHERE clients.clientname = '$indata' ORDER BY `Mail date`";
--
//Aho
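
Added example, not part of the original post: the same client lookup with the name bound as a query parameter through PDO, so the value is never spliced into the SQL string. The in-memory SQLite database, the trimmed two-table schema, the sample rows, and the function name docketsForClient() are assumptions made so the script runs on its own; on the poster's page the argument would be $_POST['client'] and the connection would be to their MySQL server.

```php
<?php
// Added example: constructed data; SQLite in memory stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Trimmed versions of two tables from the query above (assumed column subset).
$pdo->exec('CREATE TABLE clients (clientid INTEGER PRIMARY KEY, Clientname TEXT)');
$pdo->exec('CREATE TABLE tbldocketref (jobno INTEGER, client INTEGER, docketno TEXT)');
$pdo->exec("INSERT INTO clients VALUES (1, 'Acme Ltd'), (2, 'O''Brien & Sons')");
$pdo->exec("INSERT INTO tbldocketref VALUES (100, 1, 'D-1'), (101, 2, 'D-2'), (102, 2, 'D-3')");

/**
 * Return the docket rows for one client name.
 * The name travels as a bound parameter, so quotes in it are data, not SQL.
 */
function docketsForClient(PDO $pdo, string $clientName): array
{
    $sql = 'SELECT tbldocketref.jobno, clients.Clientname, tbldocketref.docketno
            FROM tbldocketref
            LEFT JOIN clients ON (tbldocketref.client = clients.clientid)
            WHERE clients.Clientname = :client
            ORDER BY tbldocketref.jobno';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':client' => $clientName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a string shaped like a classic injection attempt.
$inputs = [
    'Acme Ltd',
    "O'Brien & Sons",
    "x' OR '1'='1",
];

foreach ($inputs as $input) {
    $rows = docketsForClient($pdo, $input);
    printf("%-20s -> %d row(s)\n", $input, count($rows));
}
```

The name containing an apostrophe matches its own rows without any escaping step, and the injection-shaped string matches no client because it is compared as a literal value.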