"Jason Wong" <[EMAIL PROTECTED]> wrote in message
news:021701c13489$245b1f40$[EMAIL PROTECTED]...
> ----- Original Message -----
> From: Jack <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, September 03, 2001 10:35 PM
> Subject: [PHP-DB] Use the User Input Critia as part of Query! (Mysql)
>
> > $query="select name,department,Leave_From,Leave_To,
> > Leave_Total,Reason from leaverequest where
> > Staff_Number="<?print("$StaffNum");?>" and authorized
> > is null";
> >
> Try something like:
> $query="select name,department,Leave_From,Leave_To,
> Leave_Total,Reason from leaverequest where Staff_Number
> ='$StaffNum' and authorized is null";

Also, for security, you would be wise to cast $StaffNum
to int before using it:

    $StaffNum = (int) $StaffNum;
    $query =
        "SELECT "
        ."name,department,Leave_From,Leave_To,"
        ."Leave_Total,Reason "
        ."FROM leaverequest "
        ."WHERE Staff_Number=$StaffNum "
        ."AND authorized IS NULL";

HTH

--
PHP Database Mailing List (http://www.php.net/)
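
Added example, not part of the original message or of the PHP project's code: the (int) cast suggested in the reply, compared with a strict whole-input check and a bound parameter for the same leaverequest query. It assumes PDO with an in-memory SQLite table in place of the thread's MySQL database; parseStaffNum() and the sample rows are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database;
// the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE leaverequest (name TEXT, department TEXT,
    Leave_From TEXT, Leave_To TEXT, Leave_Total INTEGER, Reason TEXT,
    Staff_Number INTEGER, authorized INTEGER)');
$db->exec("INSERT INTO leaverequest VALUES
    ('Alice','IT','2001-09-10','2001-09-12',3,'Holiday',12,NULL),
    ('Bob','HR','2001-09-11','2001-09-11',1,'Medical',34,NULL)");

// Hypothetical helper: return the staff number only if the whole input is a
// positive integer; null otherwise. (FILTER_VALIDATE_INT ignores surrounding
// whitespace but rejects any other leading or trailing text.)
function parseStaffNum(string $raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}

// The value travels as a bound parameter, never as part of the SQL text.
$stmt = $db->prepare(
    'SELECT name,department,Leave_From,Leave_To,Leave_Total,Reason
       FROM leaverequest
      WHERE Staff_Number = :staff AND authorized IS NULL');

// Constructed inputs: one well-formed value and three malformed ones.
foreach (['12', '12abc', '12 OR 1=1', 'abc'] as $raw) {
    $cast   = (int) $raw;          // the cast from the reply: numeric prefix, else 0
    $strict = parseStaffNum($raw); // null for anything that is not purely an integer
    if ($strict === null) {
        printf("%-12s (int) gives %d; strict check rejects it\n", "'$raw'", $cast);
        continue;
    }
    $stmt->bindValue(':staff', $strict, PDO::PARAM_INT);
    $stmt->execute();
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    printf("%-12s (int) gives %d; %d row(s) for %s\n",
        "'$raw'", $cast, count($rows), $rows[0]['name'] ?? 'nobody');
}
```

The cast keeps the SQL text intact, but it silently maps malformed input to its numeric prefix or to 0, so rejecting such input before the query runs avoids returning another staff member's rows for a mistyped value.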