Reply to Re: Mysql Variable help

Your name:

Reply:


Posted by Hilarion on 09/07/05 15:05

tvlgiao <tvlgiao@gmail.com> wrote:
> you should use:
> $album = "Led Zeppelin";
> $query = $db->getAll("SELECT * FROM music WHERE (title = '$album')");


Rivera, tvlgiao is right, but you should also remember that if
$album value comes from website user and you have magicquotes_gpc
turned off, then the query may still fail and/or be prone to SQL
injection attacks.


Hilarion

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация