Posted by "Richard Lynch" on 11/10/05 23:53

On Wed, November 9, 2005 5:21 pm, Ross wrote:
> $query = "SELECT * FROM login where username='$_POST['username']' AND
> pass
> ='$_POST['pass']'";

In addition to the fine posts regarding SQL Injection and curly
braces, I'd like to provide one other alternative heretofore
unmentioned:

$query = "SELECT * FROM login where username = '$_POST[username]' AND
pass = '$_POST[pass]'";

PHP is happy to interpolate arrays within quotes, but only if you do
NOT quote the index.

"{$array['key']}" -- good, after PHP 4.?.?
"$array[key]" -- good
"$array['key']" -- bad

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]