[thelist] Rusty PHP questions...

Ken Robinson kenrbnsn at rbnsn.com
Mon Oct 15 10:45:46 CDT 2007

Quoting Tom Dell'Aringa <pixelmech at gmail.com>:

> On 10/15/07, John Handelaar <john at userfrenzy.com> wrote:
>> > 3. Lastly, just checking that I am setting my variable correctly. They
>> are
>> > appending an id onto the get string for each link, so I set it at the
>> top of
>> > the page like so, so I can test for it at the section when I need it:
>> >
>> > $raceId = $_GET['id'];
>> One tip:
>> a)  Take a backup (seriously, *TAKE A BACKUP* before moving to b)
>> b)  Try appending this to the page URI:
>>     ?id=0;DELETE FROM event_list;
>> c)  Plug the huge hole you just described.
> Holy carp! Ok, HOW do I plug that huge hole, I have no idea. Man do I stink
> at php these days.

Use the function mysql_real_escape_string(). This function will help  
prevent SQL injections from working:

     $raceID = mysql_real_escape_string($_GET['id']);


More information about the thelist mailing list