[PHP] form textbox with search

2004-04-20 Thread Anthony Ritter
Greets,

The following code snippet receives data from a textbox named searchtext if the user types in a word. It then tries to match that word from the mysql database using:

$searchtext = $_POST['searchtext'];
if ($searchtext != '') { // Some search text was specified
$where .= AND blurb LIKE

Re: [PHP] form textbox with search

2004-04-20 Thread Justin French
On 21/04/2004, at 12:39 PM, Anthony Ritter wrote:
$searchtext = $_POST['searchtext'];

Firstly, using POST data directly in an SQL query is *really dangerous*. At the very least, you might want to trim its length, strip tags, and trim white space.

$searchtext =
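
The search described in this thread, written with a bound parameter, as an added example that is not part of either post. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL one; the `items` table, its rows, the `searchBlurbs` helper and the sample inputs are constructed for illustration, and only the `blurb` column and `searchtext` field come from the thread.

```php
<?php
// Added example. In-memory SQLite stands in for the thread's MySQL database so it
// runs offline (needs pdo_sqlite). Table "items" and its rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, blurb TEXT)');
$insert = $pdo->prepare('INSERT INTO items (blurb) VALUES (?)');
foreach (['Fresh bread daily', '100% rye loaf', "Baker's dozen", '100 rolls'] as $blurb) {
    $insert->execute([$blurb]);
}

// Returns rows whose blurb contains the search text as a literal substring.
function searchBlurbs(PDO $pdo, $raw, int $maxLen = 64): array
{
    if (!is_string($raw)) {
        return [];                           // e.g. searchtext[]=x arrives as an array
    }
    $text = substr(trim($raw), 0, $maxLen);  // bound the length, drop outer whitespace
    if ($text === '') {
        return [];
    }
    // Escape the LIKE metacharacters with '!' so '%' and '_' match literally.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $text);
    // The value travels as a bound parameter; it is never concatenated into the SQL.
    $stmt = $pdo->prepare("SELECT id, blurb FROM items WHERE blurb LIKE :pattern ESCAPE '!'");
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['searchtext'].
$samples = ['bread', "Baker's", '100%', '%', "x' OR '1'='1", ['not', 'a', 'string']];
foreach ($samples as $input) {
    $rows = searchBlurbs($pdo, $input);
    printf("%-22s => %d row(s)\n", json_encode($input), count($rows));
}
```

Quotes and SQL keywords in the input are matched as ordinary text because the driver sends the pattern separately from the statement; the `ESCAPE '!'` clause handles the separate issue of `%` and `_` acting as wildcards inside `LIKE`.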