On 03/01/2010 07:54 PM, Thomas H. George wrote:
Any suggestions?
Tom
Yes I have one. Whatever book you are using, burn it then shoot it!
Without looking at the query, it is most likely failing because you are
inserting un-escaped data into your database.
So when you enter something like: G
ok, couple of things;
- if you're using user input in SQL queries, you have to push 'm
through a function that sanitizes the input against sql-insertions.
For now, let that be function antiSQLinsertion ($var) { return
mysql_real_escape_string($var); };
- if you're going to output values from the DB into