Help with really simple problem =\

Paws
Forum Newbie
Posts: 15
Joined: Sun Nov 30, 2008 8:26 am

Help with really simple problem =\

Post by Paws »

Ok, I'm still pretty new to PHP. What is wrong with this?

Code:

  $sql = "SELECT * FROM `game` WHERE `id` = ' . $_GET['id']"; 
The Omen
Forum Newbie
Posts: 8
Joined: Sat Apr 04, 2009 9:45 am

Re: Help with really simple problem =\

Post by The Omen »

I think it should be:

Code:

$sql = "SELECT * FROM `game` WHERE `id` = '" . $_GET['id'] . "'";
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Help with really simple problem =\

Post by califdon »

Yes, except that--do yourself a huge favor--don't ever use a $_GET (or a $_POST) variable without cleansing it with mysql_real_escape_string()! Can you see what would happen if I go to your web site and enter in my browser address box:

yourdomain.com/whatever.php?id=5; DROP TABLE `game`

?
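
An added example (not code from any poster in this thread) of the defensive pattern this warning points toward: validate the id as an integer and pass it to the database as a bound parameter, so the request value never becomes part of the SQL text. It substitutes a PDO prepared statement for mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7; the in-memory SQLite table, the findGame() helper and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `game` table, in an in-memory SQLite DB.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE game (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO game (id, title) VALUES (5, 'Chess'), (6, 'Go')");

/**
 * Hypothetical helper: look up one game by the raw request value.
 * Returns the row, or null when the value is not a positive integer
 * or no row matches.
 */
function findGame(PDO $pdo, $rawId): ?array
{
    // 1. Validate: accept only a plain positive integer.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // 2. Bind: the value is sent separately from the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM game WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_GET['id']; the second is the one
// quoted in the thread, the last models a missing parameter.
$inputs = ['5', '5; DROP TABLE `game`', 'abc', null];
foreach ($inputs as $raw) {
    // The SQL text that string concatenation would produce for this input.
    $concatenated = "SELECT * FROM `game` WHERE `id` = '" . $raw . "'";
    $row = findGame($pdo, $raw);
    printf(
        "input: %s\n  concatenated: %s\n  bound lookup: %s\n",
        var_export($raw, true),
        $concatenated,
        json_encode($row)
    );
}

// Confirm the table still holds both rows after every input was processed.
printf("rows in game: %d\n", $pdo->query('SELECT COUNT(*) FROM game')->fetchColumn());
```

Escaping alone only protects a value placed inside quotes in the SQL string; an id interpolated unquoted stays injectable, which is why the example validates the type and binds the parameter.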