
Help with really simple problem =\

Posted: Sat Apr 04, 2009 12:16 pm
by Paws
Ok i'm still pretty new to php. What is wrong with this?


  $sql = "SELECT * FROM `game` WHERE `id` = ' . $_GET['id']"; 

Re: Help with really simple problem =\

Posted: Sat Apr 04, 2009 12:33 pm
by The Omen
I think it should be:


$sql = "SELECT * FROM `game` WHERE `id` = '" . $_GET['id'] . "'"; // closing quote added so the id is a complete string literal

Re: Help with really simple problem =\

Posted: Sat Apr 04, 2009 5:16 pm
by califdon
Yes, except that--do yourself a huge favor--don't ever use a $_GET (or a $_POST) variable without cleansing it with mysql_real_escape_string()! Can you see what would happen if I go to your web site and enter in my browser address box:

yourdomain.com/whatever.php?id=5; DROP TABLE `game`

?
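An added example (not code from the thread) that shows what the warning above means in practice: the same concatenated query the thread is discussing, run with a crafted `id`, next to the hardened form using a prepared statement with a bound parameter. It assumes PHP with the PDO SQLite driver so it runs offline against an in-memory database; the table and rows are constructed for the demo, and the attacker input is constructed as well. Swapping the DSN for a MySQL one leaves the PDO calls unchanged.

```php
<?php
// Added example, not from the original thread. Assumes the pdo_sqlite
// extension; the `game` table and its rows are constructed for the demo.

// The thread's approach: paste the user-supplied id straight into the SQL.
function unsafe_sql(string $id): string {
    return "SELECT * FROM `game` WHERE `id` = '" . $id . "'";
}

// Hardened form: the SQL is fixed, the value travels separately as a
// bound parameter, so quotes in the input can never change the query.
function find_game(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT id, name FROM game WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE game (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO game VALUES (5, 'chess'), (6, 'go'), (7, 'hidden')");

// Constructed attacker input: the single quote closes the string literal,
// and OR '1'='1 makes the WHERE clause true for every row.
$evil = "5' OR '1'='1";

// Concatenation: the attacker rewrote the query and gets the whole table.
$rows = $db->query(unsafe_sql($evil))->fetchAll(PDO::FETCH_ASSOC);
echo "concatenated query: " . unsafe_sql($evil) . "\n";
echo count($rows) . " rows returned (all of them)\n";

// Prepared statement: the same input is just compared to the id column.
$rows = find_game($db, $evil);
echo count($rows) . " rows returned (none, no id matches that text)\n";

// A legitimate id still works through the prepared statement.
$rows = find_game($db, '5');
echo $rows[0]['name'] . "\n";
```

Two caveats worth keeping in mind when following the advice above. Escaping with `mysql_real_escape_string()` only protects a value that sits inside quotes in the SQL; if `id` is written unquoted as a number, escaping the input does nothing, so cast it with `(int)` or, better, bind it as a parameter as in the example. And the `mysql_*` functions were removed in PHP 7, so on a current PHP the `mysqli` or PDO prepared-statement APIs are the ones to reach for.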