is this legal

Posted: Sat Nov 21, 2009 11:12 am
by vin_akleh
Is this legal?
$queue=mysql_query("select * from li where type like '" . $_POST["M"] . "' order by ld desc limit 20");

Re: is this legal

Posted: Sat Nov 21, 2009 11:15 am
by iankent
It looks OK, though you should escape the value in $_POST before inserting it into an SQL query by using mysql_real_escape_string().
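
The advice in the reply above, as an added example that is not part of the original posts: the posted query pattern next to a bound-parameter version, which also escapes the LIKE wildcards % and _ that mysql_real_escape_string() leaves untouched. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection (the mysql_* functions were removed in PHP 7); the function names, rows and input value are constructed for illustration.

```php
<?php
// Added example. Assumes the PDO and pdo_sqlite extensions; all rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE li (id INTEGER PRIMARY KEY, type TEXT, ld TEXT)');
$ins = $pdo->prepare('INSERT INTO li (type, ld) VALUES (?, ?)');
foreach ([["men's", '2009-11-01'], ['women', '2009-11-02'], ['100%', '2009-11-03']] as $row) {
    $ins->execute($row);
}

// Same pattern as the posted query: the value is pasted into the SQL text.
function find_concatenated(PDO $pdo, string $m): array
{
    $sql = "select * from li where type like '" . $m . "' order by ld desc limit 20";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the value is sent separately and never becomes SQL text.
// The LIKE wildcards % and _ are escaped as well, so the input matches literally.
// (The ESCAPE '\' literal is written for SQLite, where backslash is an ordinary character.)
function find_bound(PDO $pdo, string $m): array
{
    $literal = str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $m);
    $stmt = $pdo->prepare(
        "select * from li where type like :m escape '\\' order by ld desc limit 20"
    );
    $stmt->execute([':m' => $literal]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "men's"; // constructed stand-in for $_POST["M"]

try {
    find_concatenated($pdo, $input);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // The apostrophe closed the string literal early, so the statement no longer parses.
    echo "concatenated: ", $e->getMessage(), "\n";
}

echo "bound: ", count(find_bound($pdo, $input)), " row(s)\n";
// A lone % is treated as a literal character here, not as "match everything".
echo "bound, input '%': ", count(find_bound($pdo, '%')), " row(s)\n";
```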

Re: is this legal

Posted: Wed Dec 09, 2009 2:38 pm
by vin_akleh
Thanks