[thelist] Rusty PHP questions...
Ken Robinson
kenrbnsn at rbnsn.com
Mon Oct 15 10:45:46 CDT 2007
Quoting Tom Dell'Aringa <pixelmech at gmail.com>:
> On 10/15/07, John Handelaar <john at userfrenzy.com> wrote:
>>
>> > 3. Lastly, just checking that I am setting my variable correctly. They are
>> > appending an id onto the get string for each link, so I set it at the top of
>> > the page like so, so I can test for it at the section when I need it:
>> >
>> > $raceId = $_GET['id'];
>>
>> One tip:
>>
>> a) Take a backup (seriously, *TAKE A BACKUP* before moving to b)
>> b) Try appending this to the page URI:
>>
>> ?id=0;DELETE FROM event_list;
>>
>> c) Plug the huge hole you just described.
>
>
> Holy carp! Ok, HOW do I plug that huge hole, I have no idea. Man do I stink
> at php these days.

Use the function mysql_real_escape_string(). This function will help
prevent SQL injections from working:

$raceId = mysql_real_escape_string($_GET['id']);

Ken
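
Added example, not part of the original message or of anyone's code in the thread: escaping protects a value only when it ends up inside quotes in the SQL text, and a numeric id is often used unquoted, so the sketch below validates the id as an integer and passes it as a bound parameter instead. It assumes PDO with the pdo_sqlite extension and an in-memory database so it runs offline; the column names and rows are constructed, and only the table name event_list and the id parameter come from the thread.

```php
<?php
// Added example. Constructed schema and rows; findRace() is a hypothetical helper.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE event_list (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO event_list (id, name) VALUES (1, 'Spring 5K'), (2, 'Fall 10K')");

/**
 * Return the race row for a raw ?id= value, or null if the value is not
 * a positive integer or no such race exists.
 */
function findRace(PDO $db, $rawId)
{
    // 1. Validate: accept only a whole number >= 1. Anything else,
    //    including "0;DELETE FROM event_list;", stops here.
    $raceId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($raceId === false) {
        return null;
    }

    // 2. Bind: the value is sent separately from the SQL text, so it is
    //    never parsed as part of the statement.
    $stmt = $db->prepare('SELECT id, name FROM event_list WHERE id = :id');
    $stmt->bindValue(':id', $raceId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-ins for $_GET['id'].
$samples = ['2', '0;DELETE FROM event_list;', '', 'abc', '7'];
foreach ($samples as $raw) {
    $race = findRace($db, $raw);
    echo str_pad(var_export($raw, true), 32), ' => ',
         $race === null ? 'rejected / not found' : $race['name'], PHP_EOL;
}

// Count the rows after every sample request has been handled.
echo 'rows left: ', $db->query('SELECT COUNT(*) FROM event_list')->fetchColumn(), PHP_EOL;
```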