
PHP Syntax

Name: Anonymous 2010-12-19 19:55

I've got txt1 being submitted from a form field on my HTML page, but what is the proper syntax for this query field? This is what I have:


$query = "SELECT NAME, CITY, EMAIL WHERE FANID = '${txt1}' ";

Name: Anonymous 2010-12-20 14:48

>>7
Christ, you literally only have to fill in the blanks:
$query = "SELECT NAME, CITY, EMAIL WHERE FANID = '' or '' = ''";
See how FANID = '' or '' = '' is always true? Your code is vulnerable to SQL injection attacks.
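
The injection described in the reply above, next to the parameterized form that prevents it. This is an added example, not code from the thread. The table name `fans`, the sample rows, and the use of PDO with an in-memory SQLite database (requires the pdo_sqlite extension) are assumptions; the posted query has no FROM clause.

```php
<?php
// Added example. Table "fans" and its rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE fans (FANID TEXT, NAME TEXT, CITY TEXT, EMAIL TEXT)");
$db->exec("INSERT INTO fans VALUES ('1', 'Alice', 'Leeds', 'alice@example.com')");
$db->exec("INSERT INTO fans VALUES ('2', 'Bob', 'Oslo', 'bob@example.com')");

// Vulnerable: the form value becomes part of the SQL text, as in the thread.
// ({$txt1} is the current spelling of the older ${txt1} interpolation.)
function lookup_concat(PDO $db, string $txt1): array {
    $query = "SELECT NAME, CITY, EMAIL FROM fans WHERE FANID = '{$txt1}'";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the form value is bound as data,
// so quote characters in it can never change the WHERE clause.
function lookup_prepared(PDO $db, string $txt1): array {
    $stmt = $db->prepare("SELECT NAME, CITY, EMAIL FROM fans WHERE FANID = ?");
    $stmt->execute([$txt1]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed form inputs: a normal id, and the value from the reply
// that turns the condition into FANID = '' or '' = ''.
$inputs = ["1", "' or '' = '"];
foreach ($inputs as $txt1) {
    printf(
        "input=%-14s concat rows=%d  prepared rows=%d\n",
        var_export($txt1, true),
        count(lookup_concat($db, $txt1)),
        count(lookup_prepared($db, $txt1))
    );
}
```

With the second input the concatenated query matches every row in the table, while the prepared statement looks for a FANID equal to that literal string and matches none.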
