Posted by Michael G on 09/08/05 00:26
The following is from
http://php.mirrors.ilisys.com.au/manual/en/security.database.sql-injection.php .
Would someone explain the following lines? In particular, I don't understand
'$paramArr[\'$1\']', nor do I understand how the syntax {1} works or how it
is related to arrays.
Thanks, mIke.
<some code snipped>
....
return preg_replace('/\{(.*?)\}/ei','$paramArr[\'$1\']', $queryString);
}
$sqlQuery = 'SELECT col1, col2 FROM tab1 WHERE col1 = {1} AND col3 = {2}
LIMIT {3}';
$stm = mysql_query(prepareSQL($sqlQuery, array('username', 24.3, 20)));
?>
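Added example (not part of the original post or of the PHP manual code it quotes): the pattern captures the text between the braces as $1, and the e modifier evaluates the replacement string as PHP code, so {1} becomes the value of $paramArr['1']. The sketch below does the same lookup with preg_replace_callback; the names expandPlaceholders, $quote and $demoQuote are assumptions made for illustration.

```php
<?php
// Added example: the lookup performed by '/\{(.*?)\}/e' with '$paramArr[\'$1\']',
// written with preg_replace_callback (the /e modifier was removed in PHP 7).

/**
 * Replace each {key} in $query with the matching element of $params.
 * $quote is a caller-supplied string quoter (hypothetical parameter,
 * e.g. [$pdo, 'quote']); numbers are cast instead of quoted.
 */
function expandPlaceholders(string $query, array $params, callable $quote): string
{
    return preg_replace_callback(
        '/\{(.*?)\}/',                  // $m[1] is the text between the braces
        function (array $m) use ($params, $quote): string {
            $key = $m[1];               // "{1}" gives "1", used as the array key
            if (!array_key_exists($key, $params)) {
                throw new InvalidArgumentException('No parameter for {' . $key . '}');
            }
            $value = $params[$key];
            if (is_int($value) || is_float($value)) {
                return (string) $value; // numeric values are inserted unquoted
            }
            return $quote((string) $value);
        },
        $query
    );
}

// Constructed demo quoter: doubles single quotes (SQL string-literal escaping).
// Stand-in only; real code uses the driver's quoter or bound parameters.
$demoQuote = function (string $s): string {
    return "'" . str_replace("'", "''", $s) . "'";
};

$sql = 'SELECT col1, col2 FROM tab1 WHERE col1 = {1} AND col3 = {2} LIMIT {3}';

// Keys start at 1 so that {1}, {2} and {3} each have an element.
echo expandPlaceholders($sql, [1 => "o'brien", 2 => 24.3, 3 => 20], $demoQuote), "\n";

// array('username', 24.3, 20) has keys 0, 1, 2, so {3} has no element.
try {
    expandPlaceholders($sql, ['username', 24.3, 20], $demoQuote);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```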