The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!

#1
Safe, Simple, SQL statement
After reading about sql injection methods on various sites and proper coding techniques from the new vb3 manual, I'm looking over all my code before launching next vb3 version of my site.
What's the proper way to write this statement? As it stands, it doesn't work. I know it's the way I'm using quotes around $letter variable, just wondering the "proper" and safe way to access this. Thanks for any help.
PHP Code:

#2
You have to use parameters when you're using LIKE:
Code:
WHERE Artist LIKE '" . $letter . "%'

#3
Thanks, after all that rework I did, I forgot the important "%"! No wonder it wasn't working. Thanks Xenon.

#4
Always wrap any string variable with addslashes() and numeric values with intval() when using them in queries.
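
Added example, not part of the thread and not vBulletin code: the LIKE lookup from post #2 written with a PDO prepared statement instead of string concatenation. It goes one step beyond the thread by also escaping the LIKE wildcards in the input; the `songs` table, its rows and the function names are assumptions made for the demo.

```php
<?php
// Added example. The "songs" table, its rows and the function names are
// constructed for illustration; only the Artist column comes from the thread.

// Escape LIKE metacharacters so the input is matched literally.
// '!' is the escape character named in the ESCAPE clause below.
function like_literal(string $input): string
{
    // '!' is replaced first, so the '!' added for % and _ is not doubled.
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input);
}

function artists_starting_with(PDO $db, string $prefix): array
{
    // The SQL text is constant; the value travels separately as a bound
    // parameter, so quotes in $prefix cannot change the statement.
    $stmt = $db->prepare(
        "SELECT Artist FROM songs WHERE Artist LIKE :pattern ESCAPE '!' ORDER BY Artist"
    );
    // The trailing % is the only wildcard, and it is added by the code.
    $stmt->execute([':pattern' => like_literal($prefix) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// In-memory SQLite database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (Artist TEXT)');
$insert = $db->prepare('INSERT INTO songs (Artist) VALUES (?)');
foreach (['ABBA', 'AC/DC', 'Beck', "Guns N' Roses", '100% Pure'] as $name) {
    $insert->execute([$name]);
}

// Constructed inputs: a normal letter, a quote-laden string, a bare
// wildcard, and a prefix that legitimately contains '%'.
foreach (['A', "G' OR '1'='1", '%', '100%'] as $input) {
    $rows = artists_starting_with($db, $input);
    printf("%-16s => [%s]\n", $input, implode(', ', $rows));
}
```

With the bound parameter, the quote-laden input is only ever compared as a literal prefix, and a bare `%` matches artists that start with a percent sign rather than every row.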

#5
Quote: