RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Joshua b. Jore
Foo. Somehow I encrypted the last message. --[PinePGP]--[begin]-- I think you misunderstood me. I already have an AuthenticateUser(TEXT,TEXT) function that works great. What I don't understand is how to get PHP to use placeholders for data binding.

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Cal Evans
b. Jore [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 4:00 PM
To: Maxim Maletsky (PHPBeginner.com)
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] PHP Security Leak (plaintext)
Foo. Somehow I encrypted the last message. --[PinePGP]--[begin]-- I

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
I think you misunderstood me. I already have an AuthenticateUser(TEXT,TEXT) function that works great. What I don't understand is how to get PHP to use placeholders for data binding. This is a more generic database issue. I could have also written: INSERT INTO foo (a,b) VALUES (?,?) where

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread Richard Archer
At 4:00 PM -0500 25/4/02, Joshua b. Jore wrote:
INSERT INTO foo (a,b) VALUES (?,?)
$my_val_a = addslashes($HTTP_POST_VARS['val_a']);
$my_val_b = addslashes($HTTP_POST_VARS['val_b']);
$query = "INSERT INTO foo (a,b) VALUES ('$my_val_a','$my_val_b')";
Or if you have magic_quotes_gpc turned on (the

RE: [PHP] PHP Security Leak (plaintext)

2002-04-25 Thread John Holmes
$my_val_a = addslashes($HTTP_POST_VARS['val_a']);
$my_val_b = addslashes($HTTP_POST_VARS['val_b']);
$query = "INSERT INTO foo (a,b) VALUES ('$my_val_a','$my_val_b')";
Or if you have magic_quotes_gpc turned on (the default) all vars passed in from forms/cookies are quoted and SQL injection is not