I thought that $_GET[] and $_POST[] could be used in place of regular 
variables... that is,

$sql = "SELECT * FROM tablename WHERE 
tablename.column=$_GET['criteria_integer']";

but unfortunately, this isn't working.  It resulted in the following 
error message in the browser:

Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or 
`T_NUM_STRING' in /home/eprice/public_html/people3.php on line 150

Yes, line 150 is exactly where I have this.
It does seem to work if I do this:

$criteria_integer = $_GET['criteria_integer'];
$sql = "SELECT * FROM tablename WHERE 
tablename.column=$criteria_integer";

But I thought that the $_GET variable could be used in the same way that 
I historically used the simple variable name $criteria_integer .

Can anyone shed some light on how these predefined variables work in 
this instance?


Erik



On Thursday, January 10, 2002, at 08:18  AM, Ford, Mike [LSS] wrote:

>> -----Original Message-----
>> From: Erik Price [mailto:[EMAIL PROTECTED]]
>> Sent: 09 January 2002 19:22
>>
>> I'm trying to write my code in accordance with the PHP 4.1.0 security
>> advisory -- that is, I want to use the $_GET and $_POST arrays when
>> grabbing variables passed with GET and POST forms.  But how should I
>> construct the variables for a "switch" statement?  I'm left confused,
>> since these aren't written with the "$" prefix as most
>> variables are...
>
> Err -- yes, they are!
>
>> Should it be:
>>      case "_POST['insert']"
>>
>> or should it be:
>>      case "$_POST['select']"
>
> What's wrong with:
>
>     case $_POST['insert']
>
> But, if you insist on the quotes, it needs to be:
>
>     case "{$_POST['insert']}"
>
> to ensure that the array index gets processed properly.
>
> Cheers!
>
> Mike
>
> ---------------------------------------------------------------------
> Mike Ford,  Electronic Information Services Adviser,
> Learning Support Services, Learning & Information Services,
> JG125, James Graham Building, Leeds Metropolitan University,
> Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
> Email: [EMAIL PROTECTED]
> Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211
>


-- 
PHP General Mailing List (http://www.php.net/)
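
Added example, not part of the original thread: it shows the two array-in-string forms that do parse (the quoted-key form without braces is the one behind the parse error above), and then passes the request value as a validated, bound parameter instead of interpolating it, since anything in $_GET is supplied by the client. It assumes the pdo_sqlite extension; the lookup() helper, the rows and the request values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate the request value as an integer, then bind it.
function lookup(PDO $pdo, array $request): array
{
    $id = filter_var($request['criteria_integer'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('criteria_integer must be an integer');
    }
    $stmt = $pdo->prepare('SELECT name FROM tablename WHERE tablename."column" = :criteria');
    $stmt->bindValue(':criteria', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed table and rows; table/column names follow the message above.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablename ("column" INTEGER, name TEXT)');
$pdo->exec("INSERT INTO tablename VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Constructed request value that is not an integer.
$_GET['criteria_integer'] = '2 OR 1=1';

// Inside double quotes, a quoted key needs braces; without braces the key is
// written WITHOUT quotes. "...=$_GET['criteria_integer']" does not parse.
$where    = 'SELECT name FROM tablename WHERE tablename."column"=';
$braced   = "{$where}{$_GET['criteria_integer']}";
$unquoted = "$where$_GET[criteria_integer]";
echo 'both forms build the same string: ', var_export($braced === $unquoted, true), "\n";

// Interpolated: the request value becomes part of the SQL text itself.
$rows = $pdo->query($braced)->fetchAll(PDO::FETCH_COLUMN);
echo 'interpolated query matched ', count($rows), " row(s)\n";

// Bound: the same value is rejected, and a real integer matches only its row.
foreach (['2 OR 1=1', '2'] as $value) {
    try {
        $names = lookup($pdo, ['criteria_integer' => $value]);
        echo "bound '$value': ", implode(',', $names), "\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected '$value': ", $e->getMessage(), "\n";
    }
}
```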