> > And quoting integers is not a problem, I even prefer it. IMHO we should
> > tell people to quote all values so if someone "forgets" to do any sort of
> > input validation (i.e. make sure it's actually an integer) there won't be
> > a major problem otherwise problems (including SQL injection) m
Philip Olson wrote:
And quoting integers is not a problem, I even prefer it. IMHO we should
tell people to quote all values so if someone "forgets" to do any sort of
input validation (i.e. make sure it's actually an integer) there won't be
a major problem otherwise problems (including SQL injectio
* Thus wrote Philip Olson:
> > Sorry, let me clearify.. unless UserId is an integer, quote it !!
>
> And quoting integers is not a problem, I even prefer it. IMHO we should
> tell people to quote all values so if someone "forgets" to do any sort of
One thing to note though, mysql/sqlite is the o
> Sorry, let me clearify.. unless UserId is an integer, quote it !!
And quoting integers is not a problem, I even prefer it. IMHO we should
tell people to quote all values so if someone "forgets" to do any sort of
input validation (i.e. make sure it's actually an integer) there won't be
a major p
Sorry, let me clearify.. unless UserId is an integer, quote it !!
jason
On Sat, 24 Jul 2004 12:03:54 -0700, Jason Davidson
<[EMAIL PROTECTED]> wrote:
> whats in UserId var.. any spaces or nonword chars.. if so, quote it.
>
> Jason
>
>
>
> On Sat, 24 Jul 2004 19:49:04 +0100, Harlequin
> <[EMAI
whats in UserId var.. any spaces or nonword chars.. if so, quote it.
Jason
On Sat, 24 Jul 2004 19:49:04 +0100, Harlequin
<[EMAIL PROTECTED]> wrote:
> I've been working on a query to retrieve a user's data based on their UserID
> that is stored in a variable "$_SESSION['logname']" which underneath
Harlequin wrote:
I've been working on a query to retrieve a user's data based on their UserID
that is stored in a variable "$_SESSION['logname']" which underneath I
convert using: $UserID = $_SESSION['logname'];
But when I execute a SELECT query:
$CaptureDetails = "SELECT * FROM RegisteredMembers
I've been working on a query to retrieve a user's data based on their UserID
that is stored in a variable "$_SESSION['logname']" which underneath I
convert using: $UserID = $_SESSION['logname'];
But when I execute a SELECT query:
$CaptureDetails = "SELECT * FROM RegisteredMembers
WHERE UserID
8 matches
Mail list logo
