Hi
I am trying to dynamically create a query based on form input for an
intranet. I have a text input that allows a user to input part of a
WHERE clause such as - not like '04%' -. This bit works fine, but I
would like to display the clause back in the form field when the page
reloads.
Hi Adrian,
This appears to be a security hole, but since that wasn't the reason for
the question, please try:
echo "<input type='text' value='" . htmlentities($clause, ENT_QUOTES) . "'>";
php.net/htmlentities
Cheers,
David Grant
Adrian Bruce wrote:
Hi
I am trying Dynamically creating a Query
I'm aware it would be a security hole if it were available to all users,
but it's just for me at the mo, other users get a watered down version
with just check boxes. I basically want to allow flexible filtering of
a set of data but obviously this poses a few challenges, any ideas
always
Hi Adrian,
You can still use the text input, but you must ensure that the input is
filtered first. There is a wealth of information on SQL injection and
its prevention on the Internet. Try these for starters:
http://shiflett.org/articles/security-corner-apr2004
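
One way to do the filtering suggested above while keeping the free-text field, as an added example that is not code from the thread: accept only an allow-listed operator followed by one quoted literal, bind the literal as a query parameter, and escape the clause when echoing it back into the form. The `parts` table, `code` column, sample rows and the function names are constructed for illustration, and the script assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: parse_clause(), filter_rows(), the table and its rows are hypothetical.

// Accept only "<operator> '<literal>'", e.g. "not like '04%'"; anything else is rejected.
function parse_clause(string $clause): ?array
{
    $re = '/^\s*(not\s+like|like|<>|!=|<=|>=|=|<|>)\s*\'([^\'\\\\]*)\'\s*$/i';
    if (!preg_match($re, $clause, $m)) {
        return null; // extra SQL, unbalanced quotes, unknown operators
    }
    // Normalise the operator to one of a fixed set of strings we wrote ourselves.
    $op = strtoupper(preg_replace('/\s+/', ' ', $m[1]));
    return ['op' => $op, 'value' => $m[2]];
}

// Run the filter: the operator comes from the allow-list, the value is bound.
function filter_rows(PDO $pdo, string $clause): array
{
    $f = parse_clause($clause);
    if ($f === null) {
        throw new InvalidArgumentException('Unsupported filter clause');
    }
    $stmt = $pdo->prepare("SELECT code FROM parts WHERE code {$f['op']} ?");
    $stmt->execute([$f['value']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed in-memory data so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE parts (code TEXT)");
$pdo->exec("INSERT INTO parts VALUES ('0401'), ('0512'), ('0499')");

$clause = "not like '04%'"; // constructed stand-in for $_POST['clause']
print_r(filter_rows($pdo, $clause)); // only the row not starting with 04

// A clause carrying more than one operator and literal does not parse.
var_dump(parse_clause("like '04%' OR 1=1")); // NULL

// Redisplay the clause in the form field, escaped as in David's reply.
echo "<input type='text' name='clause' value='"
    . htmlentities($clause, ENT_QUOTES) . "'>\n";
```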