On 21/04/2004, at 12:39 PM, Anthony Ritter wrote:
$searchtext = $_POST['searchtext'];
Firstly, using POST data directly in an SQL query is *really
dangerous*. At the very least, you might want to trim its length,
strip tags, and trim white space.
$searchtext = trim(strip_tags(substr($_POST['
Greets,
The following code snippet receives data from a textbox named searchtext if
the user types in a word.
It then tries to match that word from the mysql database using:
$searchtext = $_POST['searchtext'];
if ($searchtext != '') { // Some search text was specified
$where .= " AND blurb LIKE
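An added example, not part of either post above: one way to keep `searchtext` out of the SQL string entirely is to bind it as a parameter and escape the LIKE wildcards. It assumes PDO, uses an in-memory SQLite database as a stand-in for the MySQL database in the thread, and the `articles` table, its rows and the `searchBlurbs` helper are hypothetical; only the `blurb` column and the `searchtext` field come from the thread.

```php
<?php
// Constructed sample data; the in-memory SQLite database stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, blurb TEXT)');
$pdo->exec("INSERT INTO articles (blurb) VALUES
    ('PHP and MySQL search'), ('100% cotton'), ('Unrelated entry')");

// Hypothetical helper: $raw is what would arrive as $_POST['searchtext'].
function searchBlurbs(PDO $pdo, $raw): array
{
    // A field sent as searchtext[]=... arrives as an array; refuse it.
    if (!is_string($raw)) {
        return [];
    }
    // Cap the length and trim white space before doing any query work.
    $text = trim(mb_substr($raw, 0, 100, 'UTF-8'));

    $sql = 'SELECT id, blurb FROM articles WHERE 1=1';
    $params = [];
    if ($text !== '') { // Some search text was specified
        // Escape LIKE wildcards so % and _ typed by the user match literally.
        // '!' is used as the escape character because a backslash inside a
        // quoted SQL string is treated differently by MySQL and SQLite.
        $literal = strtr($text, ['!' => '!!', '%' => '!%', '_' => '!_']);
        $sql .= " AND blurb LIKE :pattern ESCAPE '!'";
        $params[':pattern'] = '%' . $literal . '%';
    }

    // The search text travels as a bound value, never as part of the SQL.
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain word, wildcard characters, and quote characters.
foreach (['mysql', '100%', '%', "x' OR '1'='1"] as $input) {
    printf("%-14s => %d row(s)\n", $input, count(searchBlurbs($pdo, $input)));
}
```

Output encoding for HTML (for example `htmlspecialchars`) belongs where the `blurb` values are printed, not in the query path.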