> Putting commands into input containers in HTML is deprecated in the
> XHTML specification. You should use this instead in the input:
Only if your doctype is XHTML, in which case you should also close
every tag, including the input tag. If your doctype is HTML your code
is fine. I use the HTML v
Putting commands into input containers in HTML is deprecated in the
XHTML specification. You should use this instead in the input:
readonly="readonly"
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Jason Pruim wrote:
>
> On Aug 27, 2008, at 12:48 PM, Jason
On Aug 27, 2008, at 12:48 PM, Jason Pruim wrote:
For everyone that has helped me on this thank you! :) the solution was
changing from: to type="text" name="txtFName" READONLY> Read only fields still get
passed with POST'ed info where as disabled does not.
And yes I will be adding some p
On Aug 27, 2008, at 12:41 PM, Evert Lammerts wrote:
Everybody seems to agree on escaping :-) And I'm learning! HEREDOC,
nifty indeed!
Yeah, ever since I found out about HEREDOC I've used it quite
extensively with some of my projects... Also, when you're in the
HEREDOC block, if you need t
Everybody seems to agree on escaping :-) And I'm learning! HEREDOC,
nifty indeed!
How about your $_POST variable, is there anything in there?
On Wed, Aug 27, 2008 at 6:38 PM, Jason Pruim <[EMAIL PROTECTED]> wrote:
>
> On Aug 27, 2008, at 12:24 PM, Evert Lammerts wrote:
>
>> Your index.php looks v
On Aug 27, 2008, at 12:24 PM, Evert Lammerts wrote:
Your index.php looks very strange:
?>
I'm guessing you're echoing this? I never echo from my scripts so I
don't know if this is new functionality, but in my days you echoed
either by or by .
It is a index.php page using the HERE
Jason Pruim wrote:
I plan to wrap the $_POST's into something to protect against some
issues like that. But this was a proof of concept for the boss so it
just needed to be up quickly to see if it was something we wanted to go
ahead with :)
Well, no worries about that then. We're just lookin
YVES SUCAET wrote:
> One suggestion: you may want put mysql_real_escape_string() wrappers
around
> all those $_POST[] fields to prevent SQL hijacking of your site.
[...]
>mysqli_query($link, $sql) or die("Could not update..." .
Yves, he's using mysqli, not mysql. You should not mix those f
Hi Yves,
I plan to wrap the $_POST's into something to protect against some
issues like that. But this was a proof of concept for the boss so it
just needed to be up quickly to see if it was something we wanted to
go ahead with :)
On Aug 27, 2008, at 12:21 PM, YVES SUCAET wrote:
Ah, ho
Hi, Jason. Do you realize this code is wide open for an SQL injection
attack? The problem could easily be addressed by using a prepared query
instead. For more details, check the mysqli documentation.
Jason Pruim wrote:
The problem is when I am attempting to update some of the info, it
era
Your index.php looks very strange:
>
>
>
>
>
> ?>
I'm guessing you're echoing this? I never echo from my scripts so I
don't know if this is new functionality, but in my days you echoed
either by or by .
Anyway, since you're using the $_POST variable, did you check if it
contains any val
Ah, how to debug SQL code in PHP...
Here's what I would do: run your query separately in something like SQLyog or
the Netbeans database interface. Just to "echo $sql" and copy and paste. An
"echo $Record" statement may also help to assure that you're passing on the PK
to the record correctly.
One
12 matches
Mail list logo
