Dankinit
04-29-2004, 12:24 PM
After reading about SQL injection methods on various sites and proper coding techniques from the new vb3 manual, I'm looking over all my code before launching the next vb3 version of my site.
What's the proper way to write this statement? As it stands, it doesn't work. I know it's the way I'm using quotes around the $letter variable, just wondering the "proper" and safe way to access this. Thanks for any help :)
$letterlisting = $DB_site->query("
SELECT ID,Artist
FROM music
WHERE Artist LIKE '" . $letter . "'
GROUP BY Artist
ORDER BY Artist;
");
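One way to write this lookup safely, as an added example that is not part of the original post and is not vBulletin's own code. It assumes `$letter` is meant as a name prefix, uses PDO with an in-memory SQLite database in place of `$DB_site`, and the function names and sample rows are hypothetical.

```php
<?php
// Added example. PDO with in-memory SQLite stands in for the post's $DB_site (assumption).

// Escape LIKE metacharacters so input is matched literally; '!' is the ESCAPE character.
function like_escape(string $s): string
{
    // The escape character itself must be replaced first.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $s);
}

// List artists whose name starts with $prefix. The value is bound, never concatenated,
// so quotes in the input cannot change the shape of the SQL statement.
function artists_starting_with(PDO $db, string $prefix): array
{
    $stmt = $db->prepare(
        "SELECT MIN(ID) AS ID, Artist
           FROM music
          WHERE Artist LIKE :pattern ESCAPE '!'
          GROUP BY Artist
          ORDER BY Artist"
    );
    // The trailing % is the only wildcard; it is added by the code, not by the user.
    $stmt->execute([':pattern' => like_escape($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN, 1); // column 1 = Artist
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE music (ID INTEGER PRIMARY KEY, Artist TEXT)");
$ins = $db->prepare("INSERT INTO music (Artist) VALUES (?)");
foreach (['Abba', 'AC/DC', 'Abba', 'Beck', "Guns N' Roses", '%Percent Band'] as $artist) {
    $ins->execute([$artist]);
}

// A plain letter, a prefix containing a quote, and a prefix that is itself a wildcard.
foreach (['A', "Guns N'", '%'] as $letter) {
    echo $letter, ' => ', implode(', ', artists_starting_with($db, $letter)), PHP_EOL;
}
```

Binding handles the quoting problem; the separate `like_escape()` step is still needed because `%` and `_` are valid data to the driver but wildcards to `LIKE`.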