quick question:
is it possible to do this?
$a=$_GET['a'];
$b=$_GET['b'];
$sql = "SELECT * FROM whatever WHERE '$a' LIKE '%$b%'";
Re: quick question
Yes, it's possible. Recommended? NO......
Escape ALL user input... assume it's malicious even. I'd recommend at the very least you run mysql_real_escape_string() on it.
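A parameterised version of the query from the question, as an added example that is not part of the original thread: the search value is bound through PDO rather than escaped, and the column name, which string escaping cannot protect, is picked from an allow-list. The column names, sample rows, helper function names and the in-memory SQLite database are assumptions made so the snippet runs on its own.

```php
<?php
// Added example, not code from the thread. The table name "whatever" comes
// from the question; columns, rows and function names are constructed.

// Columns the caller may search on. An identifier cannot be bound as a
// parameter or fixed by string escaping, so it is chosen from a fixed list.
const SEARCHABLE_COLUMNS = ['name', 'email'];

function escapeLike(string $value, string $esc = '!'): string
{
    // Neutralise the LIKE wildcards (% and _) and the escape character itself.
    // The escape character is handled first so it is not escaped twice.
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $value);
}

function search(PDO $pdo, string $column, string $term): array
{
    if (!in_array($column, SEARCHABLE_COLUMNS, true)) {
        throw new InvalidArgumentException('unknown search column');
    }
    // $column is now one of our own constants; $term travels as a bound value.
    $sql = "SELECT * FROM whatever WHERE $column LIKE :pattern ESCAPE '!'";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':pattern' => '%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE whatever (name TEXT, email TEXT)");
$pdo->exec("INSERT INTO whatever VALUES ('alice', 'alice@example.com'), ('100% bob', 'bob@example.com')");

// Constructed stand-ins for $_GET['a'] and $_GET['b']: a normal search,
// a bare wildcard, a quote-breaking value, and a column outside the list.
$requests = [['name', 'ali'], ['name', '%'], ['name', "x' OR '1'='1"], ['password', 'a']];
foreach ($requests as [$a, $b]) {
    try {
        printf("%s / %s: %d row(s)\n", $a, $b, count(search($pdo, $a, $b)));
    } catch (InvalidArgumentException $e) {
        printf("%s / %s: rejected (%s)\n", $a, $b, $e->getMessage());
    }
}
```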
knightsjoker (Forum Newbie, Posts: 13, Joined: Fri Dec 26, 2008 2:00 am)
Re: quick question
ah ic thanks