This is what you'd call, strictly speaking, a php question. http://php.net/manual/en/reserved.variables.get.php
$_GET is used for conditional rendering and whatnot in PHP. In the earlier angular stuff, you construct a URL thusly:

    ajax/updateTask.php?taskID="+item+"&status="+status

and then that variable is directly inserted into your SQL call here:

    $query="select ID, TASK, STATUS from tasks where status like '$status' order by status,id desc";

Which is pretty much asking for someone to ask for a task whose status is

    1';drop table tasks;--

or something like that.

Now, I'm no PHP expert. I dislike PHP with the fires of a thousand suns. So I could be wrong about the SQL injection pathway, and maybe PHP has changed since the days when I used to have to write it. But anyway, that's what's going on there.

Eric

On Sun, Aug 31, 2014 at 5:07 PM, Jeffrey Calingasan <[email protected]> wrote:

> Help. Can anybody answer my question?
>
> --
> You received this message because you are subscribed to the Google Groups
> "AngularJS" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/angular.
> For more options, visit https://groups.google.com/d/optout.
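The query pattern discussed in this message, shown beside a bound-parameter version. This is an added example, not code from the thread: it assumes PHP with the PDO SQLite driver, the in-memory `tasks` table and the function names are constructed for illustration, and in the real script the value would arrive via `$_GET['status']`.

```php
<?php
// Added example: constructed in-memory table standing in for the thread's `tasks` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tasks (ID INTEGER PRIMARY KEY, TASK TEXT, STATUS TEXT)");
$db->exec("INSERT INTO tasks (TASK, STATUS) VALUES ('write report', '0'), ('file taxes', '1')");

// Before: the pattern quoted in the thread. The value is pasted into the SQL text,
// so a quote character in it ends the string literal and the rest is parsed as SQL.
function buildInterpolatedQuery(string $status): string {
    return "select ID, TASK, STATUS from tasks where status like '$status' order by status,id desc";
}

// After: the SQL text is fixed and the value travels separately as a bound parameter,
// so it is only ever compared as data.
function findTasksByStatus(PDO $db, string $status): array {
    $stmt = $db->prepare(
        "select ID, TASK, STATUS from tasks where status like :status order by status, id desc"
    );
    $stmt->execute([':status' => $status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Allow-list check (assumption: this sample app only has statuses '0' and '1').
function validStatus(string $raw): ?string {
    return in_array($raw, ['0', '1'], true) ? $raw : null;
}

// First value is an ordinary request; second is the value quoted in the message.
$samples = ['1', "1';drop table tasks;--"];
foreach ($samples as $raw) {
    echo "input: $raw\n";
    echo "  interpolated SQL: " . buildInterpolatedQuery($raw) . "\n";
    echo "  bound query rows: " . count(findTasksByStatus($db, $raw)) . "\n";
    echo "  passes allow-list: " . (validStatus($raw) !== null ? 'yes' : 'no') . "\n";
}

// Row count of the table after both bound lookups.
echo "tasks rows: " . $db->query("select count(*) from tasks")->fetchColumn() . "\n";
```

Comparing the printed interpolated SQL for the two inputs shows where the statement structure changes, while the bound query keeps the same SQL text for both.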
