I’m querying a database from a form field containing a user submitted numeric value to see if this number exists. If it dose then let the user know it’s valid and if not then tell same.
My question is what sort of security should I use? I’m somewhat new still to PHP but wanted to build this script myself. So far my form simply uses this field to input the data.
Code: Select all
<input type="text" name="v_number_1" value="<?php if (isset($_POST['v_number_1'])) echo $_POST['v_number_1'];?>" size="32">Code: Select all
if (isset($_POST['v_number_1'])){
($voucher_1 = $_POST['v_number_1']);
mysql_select_db($database_*****, $***);
$query_GetVouchers1 = "SELECT * FROM vouchers WHERE v_number = '$voucher_1'";
$GetVouchers1 = mysql_query($query_GetVouchers1, $***) or die(mysql_error());
$row_GetVouchers1 = mysql_fetch_assoc($GetVouchers1);
$totalRows_GetVouchers1 = mysql_num_rows($GetVouchers1);
}Any pointers as to what I should use overall to secure this would be great.
Thanks