is this legal

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
vin_akleh
Forum Commoner
Posts: 53
Joined: Sat Feb 14, 2009 10:26 am

is this legal

Post by vin_akleh »

is this legal:???
$queue=mysql_query("select * from li where type like '" . $_POST["M"] . "' order by ld desc limit 20");
User avatar
iankent
Forum Contributor
Posts: 333
Joined: Mon Nov 16, 2009 4:23 pm
Location: Wales, United Kingdom

Re: is this legal

Post by iankent »

It looks ok, though you should escape the value in $_POST before inserting it into an SQL query by using mysql_real_escape_string()
vin_akleh
Forum Commoner
Posts: 53
Joined: Sat Feb 14, 2009 10:26 am

Re: is this legal

Post by vin_akleh »

thanks
Post Reply