Re: [PHP-DB] Use the User Input Critia as part of Query! (Mysql)

Hugh Bothwell Mon, 03 Sep 2001 10:05:12 -0700


"Jason Wong" <[EMAIL PROTECTED]> wrote in message
021701c13489$245b1f40$[EMAIL PROTECTED]">news:021701c13489$245b1f40$[EMAIL PROTECTED]...
> ----- Original Message -----
> From: Jack <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Monday, September 03, 2001 10:35 PM
> Subject: [PHP-DB] Use the User Input Critia as part of Query! (Mysql)
>
> > $query="select name,department,Leave_From,Leave_To,
> > Leave_Total,Reason from leaverequest where
> > Staff_Number="<?print("$StaffNum");?>" and authorized
> > is null";
> >
> Try something like:
> $query="select name,department,Leave_From,Leave_To,
> Leave_Total,Reason from leaverequest where Staff_Number
> ='$StaffNum' and authorized is null";

Also, for security, you would be wise to cast $StaffNum
to int before using it:

$StaffNum = (int) $StaffNum;
$query =
    "SELECT "
        ."name,department,Leave_From,Leave_To,"
        ."Leave_Total,Reason "
    ."FROM leaverequest "
    ."WHERE Staff_Number=$StaffNum "
        ."AND authorized IS NULL";

HTH



-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP-DB] Use the User Input Critia as part of Query! (Mysql)

Reply via email to