Return Styles: Pseud0ch, Terminal, Valhalla, NES, Geocities, Blue Moon.

Pages: 1-

PHP Syntax

Name: Anonymous 2010-12-19 19:55

I've got txt1 being submitted from a form field on my html page, but what is the proper syntax for this query field? This is what I have:



$query = "SELECT NAME, CITY, EMAIL WHERE FANID = '${txt1}' ";

Name: Anonymous 2010-12-19 20:13

$txt1 = "' or '' = '";

Name: Anonymous 2010-12-19 20:59

>>2

Sorry, wat?

Name: HERR ASSBURGER 2010-12-19 21:06

THIS THREAD HAS BEEN REPLACED WITH THE FOLLOWING THREAD:

Subject: PUDDI
Message: OP is a Faggot?

Name: Anonymous 2010-12-19 22:25

doesn't php have a database interface with placeholders yet?

Name: Anonymous 2010-12-20 12:23

>>4
It doesn't work :(

Name: Anonymous 2010-12-20 14:43

Could someone please clarify what
>>2
said?

Name: Anonymous 2010-12-20 14:48

>>7
Christ, you literally only have to fill in the blanks:
$query = "SELECT NAME, CITY, EMAIL WHERE FANID = '' or '' = ''";
See how FANID = '' or '' = '' is always true? Your code is vulnerable to SQL injection attacks.

Name: Anonymous 2010-12-20 14:52

>>8
For the purpose of my shitty internet programming class, vulnerabilities are irrelevant. I just need something that works.

Name: Anonymous 2010-12-20 15:11

http://php.net/manual/en/book.pdo.php

Read.

Name: Anonymous 2011-01-31 19:48

<-- check em dubz

PHP Syntax

1 Name: Anonymous 2010-12-19 19:55

2 Name: Anonymous 2010-12-19 20:13

3 Name: Anonymous 2010-12-19 20:59

4 Name: HERR ASSBURGER 2010-12-19 21:06

5 Name: Anonymous 2010-12-19 22:25

6 Name: Anonymous 2010-12-20 12:23

7 Name: Anonymous 2010-12-20 14:43

8 Name: Anonymous 2010-12-20 14:48

9 Name: Anonymous 2010-12-20 14:52

10 Name: Anonymous 2010-12-20 15:11

11 Name: Anonymous 2011-01-31 19:48