Reply to Re: HELP: pesky SQL syntax error using PHP variables


Posted by Robin on 07/13/06 08:25

Frankie wrote:
> "Robin" <anon@somewhere.com> wrote in message
> news:e8vnab$87k$1@gemini.csx.cam.ac.uk...
>
>><snip>
>>
>>I hope you're checking those $_POST variables before blindly making the
>>SQL call!
>
>
> Yes, $_POST['selectCategory'] comes from a select menu while
> $_POST['tfItemNum'] is checked by "ereg", and then again by "strip_tags" if
> re-displayed.
>
> Thanks again to all who responded.
>
> F.H.
>

By "comes from a select menu" do you mean is the product of a <select
name="selectCategory"> tag?

You cannot guarantee that this value will only be one of your <option>
tag values. Posted data is easily forged.

Robin
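
The server-side check discussed in the post above, as an added example that is not part of the original thread: the submitted `selectCategory` is compared against a list held on the server, and the values then go into a prepared statement. The category names, the `items` table and its columns, the numeric format assumed for `tfItemNum`, and the use of PDO with an in-memory SQLite database are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical option values offered by <select name="selectCategory">.
const ALLOWED_CATEGORIES = ['books', 'music', 'video'];

/**
 * Returns [category, itemNum] if the request is acceptable, otherwise null.
 * Assumes tfItemNum is a 1-9 digit number (the thread does not give its format).
 */
function validate_post(array $post): ?array
{
    $category = $post['selectCategory'] ?? null;
    $itemNum  = $post['tfItemNum'] ?? null;

    // A forged request can send an array or any string, so check the type
    // and compare strictly against the server-side list.
    if (!is_string($category) || !in_array($category, ALLOWED_CATEGORIES, true)) {
        return null;
    }
    if (!is_string($itemNum) || preg_match('/\A[0-9]{1,9}\z/', $itemNum) !== 1) {
        return null;
    }
    return [$category, (int) $itemNum];
}

// Constructed sample requests: one from the real form, three forged.
$samples = [
    ['selectCategory' => 'books',       'tfItemNum' => '1042'],
    ['selectCategory' => 'not-in-menu', 'tfItemNum' => '1042'],
    ['selectCategory' => "books'",      'tfItemNum' => '1042'],
    ['selectCategory' => ['books'],     'tfItemNum' => '1042'],
];

// In-memory database so the example runs offline (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (category TEXT, item_num INTEGER, title TEXT)');
$db->exec("INSERT INTO items VALUES ('books', 1042, 'Sample title')");

// Placeholders keep the values out of the SQL text even after validation.
$stmt = $db->prepare('SELECT title FROM items WHERE category = ? AND item_num = ?');

foreach ($samples as $post) {
    $clean = validate_post($post);
    if ($clean === null) {
        echo "rejected\n";
        continue;
    }
    $stmt->execute($clean);
    echo 'accepted: ', $stmt->fetchColumn(), "\n";
}
```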
