Is this legal?
$queue=mysql_query("select * from li where type like '" . $_POST["M"] . "' order by ld desc limit 20");
is this legal
- iankent
Re: is this legal
It looks ok, though you should escape the value in $_POST before inserting it into an SQL query by using mysql_real_escape_string().
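An added example, not part of the thread: the posted query next to a bound-parameter version, run through PDO against an in-memory SQLite database so it works without a MySQL server (assumes the pdo_sqlite extension). The table and column names come from the post; the rows, the function names find_concat and find_bound, and the sample value are constructed.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Table and column names (li, type, ld) are from the posted query; rows are constructed.
$pdo->exec("CREATE TABLE li (id INTEGER PRIMARY KEY, type TEXT, ld TEXT)");
$rows = [["news", "2010-01-03"], ["editor's pick", "2010-01-02"], ["news", "2010-01-01"]];
$ins = $pdo->prepare("INSERT INTO li (type, ld) VALUES (?, ?)");
foreach ($rows as $r) {
    $ins->execute($r);
}

// Pattern from the post: the request value is pasted into the SQL text.
function find_concat(PDO $pdo, string $m): array
{
    $sql = "select * from li where type like '" . $m . "' order by ld desc limit 20";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value is sent separately from the SQL text,
// so its characters are never parsed as SQL.
function find_bound(PDO $pdo, string $m): array
{
    $stmt = $pdo->prepare("select * from li where type like :m order by ld desc limit 20");
    $stmt->execute([':m' => $m]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Stand-in for $_POST["M"]: an ordinary value that happens to contain a quote.
$m = "editor's pick";

try {
    find_concat($pdo, $m);
    echo "concatenated: ran\n";
} catch (PDOException $e) {
    // The quote closed the string literal early; the remainder was parsed as SQL.
    echo "concatenated: query broke\n";
}

echo "bound: ", count(find_bound($pdo, $m)), " row(s)\n";
```

The mysql_* functions named in the thread were removed in PHP 7.0; mysqli and PDO both provide prepared statements. Neither binding nor escaping neutralises the LIKE wildcards % and _, so those still act as wildcards inside the value.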