vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=15)
-   -   Safe, Simple, SQL statement (https://vborg.vbsupport.ru/showthread.php?t=64528)

Dankinit 04-29-2004 12:24 PM

Safe, Simple, SQL statement
 
After reading about SQL injection methods on various sites and proper coding techniques from the new vb3 manual, I'm looking over all my code before launching the next vb3 version of my site.

What's the proper way to write this statement? As it stands, it doesn't work. I know it's the way I'm using quotes around the $letter variable, just wondering the "proper" and safe way to access this. Thanks for any help :)

PHP Code:

    $letterlisting = $DB_site->query("
        SELECT ID,Artist 
        FROM music 
        WHERE Artist LIKE '" . $letter . "'
        GROUP BY Artist 
        ORDER BY Artist;
    ");


Xenon 04-29-2004 12:30 PM

you have to use parameters when you're using LIKE:
Code:

WHERE Artist LIKE '" . $letter . "%'

Dankinit 04-29-2004 01:36 PM

Thanks, after all that rework I did, I forgot the important "%"! No wonder it wasn't working :) Thanks Xenon.

filburt1 04-29-2004 01:48 PM

Always wrap any string variable with addslashes() and numeric values with intval() when using them in queries.
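The following is an added example, not code from the thread or from vBulletin, that puts Xenon's "%" wildcard and filburt1's addslashes()/intval() advice together into one query builder. The function names escape_like_fragment() and build_artist_query() are made up for this example; the $DB_site->query() call is the one shown in the thread. Because $letter goes inside a LIKE pattern, the example also escapes the LIKE metacharacters (%, _ and backslash) before addslashes(), so that user input can only ever match itself rather than act as a pattern.

```php
<?php
// Added example (not from the thread): building the artist listing query
// safely. Helper names are invented for this example.

// Prepare a user value for use inside a LIKE pattern.
// Step 1: escape the LIKE metacharacters (MySQL's default escape character
//         is the backslash, so escape the backslash itself first).
// Step 2: escape the result for the SQL string literal with addslashes(),
//         as filburt1 suggests for string values.
function escape_like_fragment($value)
{
    $value = str_replace(
        array('\\', '%', '_'),
        array('\\\\', '\\%', '\\_'),
        $value
    );
    return addslashes($value);
}

// Build the artist listing query. $letter is the browse letter (a string,
// so it goes through escape_like_fragment()); $limit is numeric, so it goes
// through intval() and needs no quotes.
function build_artist_query($letter, $limit)
{
    $letter = escape_like_fragment($letter);
    $limit  = intval($limit);

    return "
        SELECT ID, Artist
        FROM music
        WHERE Artist LIKE '" . $letter . "%'
        GROUP BY Artist
        ORDER BY Artist
        LIMIT " . $limit . "
    ";
}

// Constructed sample inputs: a normal letter, an injection-style value that
// addslashes() turns into a harmless literal, and a bare wildcard that the
// LIKE escaping turns into a literal percent sign.
$samples = array(
    'A',
    "A' OR '1'='1",
    '%',
);
foreach ($samples as $s) {
    echo build_artist_query($s, '25abc'), "\n";   // '25abc' becomes 25
}

// With the vB3 database object from the thread, the listing would be run as:
// $letterlisting = $DB_site->query(build_artist_query($_GET['letter'], 25));
```

The order of the two escaping steps matters: LIKE escaping first, then addslashes(), so the backslashes added for LIKE are themselves doubled for the string literal and survive the database's literal parsing. One caveat a practitioner would add to filburt1's rule: addslashes() is not aware of the connection character set, so where the database driver offers its own escaping function (for MySQL in PHP 4, mysql_real_escape_string()) that function should be preferred for the string-literal step.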

Xenon 04-29-2004 04:04 PM

Quote:

Originally Posted by Dankinit
Thanks, after all that rework I did, I forgot the important "%"! No wonder it wasn't working :) Thanks Xenon.

you're welcome :)

