I thought that $_GET[] and $_POST[] could be used in place of regular variables... that is,
$sql = "SELECT * FROM tablename WHERE tablename.column=$_GET['criteria_integer']"; but unfortunately, this isn't working. On Thursday, January 10, 2002, at 08:18 AM, Ford, Mike [LSS] wrote: >> -----Original Message----- >> From: Erik Price [mailto:[EMAIL PROTECTED]] >> Sent: 09 January 2002 19:22 >> >> I'm trying to write my code in accordance with the PHP 4.1.0 security >> advisory -- that is, I want to use the $_GET and $_POST arrays when >> grabbing variables passed with GET and POST forms. But how should I >> construct the variables for a "switch" statement? I'm left confused, >> since these aren't written with the "$" prefix as most >> variables are... > > Err -- yes, they are! > >> Should it be: >> case "_POST['insert']" >> >> or should it be: >> case "$_POST['select']" > > What's wrong with: > > case $_POST['insert'] > > But, if you insist on the quotes, it needs to be: > > case "{$_POST['insert']}" > > to ensure that the array index gets processed properly. > > Cheers! > > Mike > > --------------------------------------------------------------------- > Mike Ford, Electronic Information Services Adviser, > Learning Support Services, Learning & Information Services, > JG125, James Graham Building, Leeds Metropolitan University, > Beckett Park, LEEDS, LS6 3QS, United Kingdom > Email: [EMAIL PROTECTED] > Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]