[PHP] Re: security benefits of predefined variables

2002-01-16 Thread Philip Hallstrom
Um... yes... you would need the $_POST array if register_globals is off... but since it's not off by default yet... :)

On Wed, 16 Jan 2002, Erik Price wrote:
> Ah, good call.
>
> Although, in your third example (the one where you say "Then you might
> as well just do this:"), you are using the $

[PHP] Re: security benefits of predefined variables

2002-01-16 Thread Erik Price
Ah, good call. Although, in your third example (the one where you say "Then you might as well just do this:"), you are using the $variable without the $_POST array -- with register_globals off, don't I have to use the $_POST array? But I see what you're saying, that I need to do some checking

[PHP] Re: security benefits of predefined variables

2002-01-16 Thread Philip Hallstrom
My advice would be to do it like this:

$variable = $_POST['variable'];
// some PHP code that validates that $variable is something reasonable
$sql = "SELECT table.column FROM table WHERE criteria LIKE $variable";

If you just do this:

$sql = "SELECT table.column FROM table WHERE criteria LIKE ${
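The pattern Philip describes (copy the value out of $_POST explicitly, validate it, and only then use it in the query) is shown below as an added example; it is not code from the thread. It goes one step further than the original by binding the value with a PDO prepared statement and escaping the LIKE wildcards, so the input never becomes part of the SQL text. The table and column names, the validation rule, and the SQLite sample rows are assumptions made for the example.

```php
<?php
// Added example (not from the thread): read request input explicitly from
// $_POST instead of relying on register_globals, validate it, then bind it
// into the query as a parameter rather than interpolating it into the SQL.
// Table/column names and the validation rule are assumptions.

declare(strict_types=1);

// Returns the validated search term, or null if the input is unacceptable.
function validated_search_term(array $post): ?string
{
    $term = $post['variable'] ?? null;
    if (!is_string($term)) {
        return null;                       // missing, or an array instead of a scalar
    }
    // Assumed rule: 1-64 bytes, no control characters.
    if ($term === '' || strlen($term) > 64 || preg_match('/[\x00-\x1F\x7F]/', $term)) {
        return null;
    }
    return $term;
}

// Escape the LIKE metacharacters so the user's text is matched literally.
function escape_like(string $term, string $esc = '\\'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

// Runs the search; returns an empty array for rejected input.
function search(PDO $db, array $post): array
{
    $term = validated_search_term($post);
    if ($term === null) {
        return [];
    }
    // The value travels as a bound parameter, never as part of the SQL string.
    $stmt = $db->prepare(
        "SELECT column_name FROM table_name WHERE criteria LIKE :pattern ESCAPE '\\'"
    );
    $stmt->execute([':pattern' => '%' . escape_like($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Usage with an in-memory SQLite database and constructed sample rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table_name (column_name TEXT, criteria TEXT)');
$db->exec("INSERT INTO table_name VALUES ('row1', 'alpha'), ('row2', 'beta'), ('row3', '100%')");

var_dump(search($db, ['variable' => 'alp']));    // matches row1 only
var_dump(search($db, ['variable' => '100%']));   // matches row3 only: '%' is literal, not a wildcard
var_dump(search($db, ['variable' => ''])); // rejected by validation, returns []
var_dump(search($db, ['variable' => ['x']]));    // array input rejected, returns []
```

The two layers are deliberate: validation rejects input that makes no sense for the application, and parameter binding guarantees that whatever passes validation is still data rather than SQL. Note that binding alone does not stop a caller from using LIKE wildcards, which is why the '%' and '_' characters are escaped separately.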