quick question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

knightsjoker
Forum Newbie
Posts: 13
Joined: Fri Dec 26, 2008 2:00 am

quick question

Post by knightsjoker »

quick question:

is it possible to do this?

$a=$_GET['a'];
$b=$_GET['b'];

$sql = "SELECT * FROM whatever WHERE '$a' LIKE '%$b%'";
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: quick question

Post by Mirge »

Yes, it's possible. Recommended? NO......

Escape ALL user input... assume it's malicious even. I'd recommend at the very least you run mysql_real_escape_string() on it.
knightsjoker
Forum Newbie
Posts: 13
Joined: Fri Dec 26, 2008 2:00 am

Re: quick question

Post by knightsjoker »

Ah, I see, thanks.
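Escaping covers the `$b` value but not `$a`, which the query uses where a column name would go. The following added example (not code from any poster in this thread) checks the column against an allow-list and binds the LIKE pattern through a PDO prepared statement, used here in place of mysql_real_escape_string(). The `SEARCHABLE` list, the `name` and `city` columns, the sample rows and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example: column allow-list plus a bound LIKE pattern.
// Table "whatever" is from the post; its columns and rows are constructed.
const SEARCHABLE = ['name', 'city']; // hypothetical column allow-list

function buildSearch(string $column, string $term): array
{
    // Identifiers cannot be bound as parameters: accept only known names.
    if (!in_array($column, SEARCHABLE, true)) {
        throw new InvalidArgumentException('unknown search column');
    }
    // Make %, _ and the escape character itself literal inside the pattern.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $sql = "SELECT * FROM whatever WHERE $column LIKE :pattern ESCAPE '!'";
    return [$sql, [':pattern' => "%$literal%"]];
}

function search(PDO $db, string $column, string $term): array
{
    [$sql, $params] = buildSearch($column, $term);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE whatever (name TEXT, city TEXT)");
$db->exec("INSERT INTO whatever VALUES ('alice', 'Oslo'), ('100%_bob', 'Rome')");

// The literals below stand in for $_GET['a'] and $_GET['b'].
var_dump(count(search($db, 'name', 'ali')));          // ordinary substring search
var_dump(count(search($db, 'name', '%')));            // % is matched as a literal character
var_dump(count(search($db, 'name', "x' OR '1'='1"))); // quotes stay inside the bound value
try {
    search($db, "name' OR 1=1 --", 'x');              // not an allow-listed column
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```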