Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-19 Thread Eric Butera
> Could you direct me towards any good resources on general security with php/mysql?

http://phpsec.org/library/

Make sure to read these:
- data filtering
- sql injection

. . .and all the others in time. =)

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-18 Thread Paul Jinks
Richard Davey wrote:
> ?
> $connect = mysql_connect(, , ) or die("could not connect");
> $db = mysql_select_db() or die("could not select db");
> if (isset($HTTP_GET_VARS['projTitle'])) {
> $SQLQuery = "SELECT * FROM project WHERE projTitle =

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread David Grant
Paul Jinks wrote:
> $SQLQuery = "SELECT * FROM project WHERE projTitle = ".$HTTP_GET_VARS['projTitle'] or die("SQLQuery 1 failed");

$SQLQuery = "SELECT * FROM project WHERE projTitle = '" . $HTTP_GET_VARS['projTitle'] . "'";

Not sure why you've got the or die() there.

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread Richard Davey
On 16 Dec 2005, at 12:30, Paul Jinks wrote:
> I have a site where users can search study projects. I'd like to be able to click on a project title which passes a variable to this page, which then displays all the data on that project in a table. Cool - and to a noob like me, actually pretty

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread Paul Jinks
David Grant wrote:
> $SQLQuery = "SELECT * FROM project WHERE projTitle = '" . $HTTP_GET_VARS['projTitle'] . "'";

Yep, that fixed it. Thanks. I had a feeling there was a mix up with the "s and 's. What's with the . s?

> Not sure why you've got the or die() there.

I had the idea that you could

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread Paul Jinks
Richard Davey wrote:
> ($HTTP_GET_VARS), because lots do not. I would suggest replacing $HTTP_GET_VARS with $_GET (in all instances), because the long format will eventually vanish and your script will cease to work.

Cheers Rich, will sort this out.

> I assume you removed the MySQL details

Re: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread David Grant
Paul,

Paul Jinks wrote:
> David Grant wrote:
>> $SQLQuery = "SELECT * FROM project WHERE projTitle = '" . $HTTP_GET_VARS['projTitle'] . "'";
>
> Yep, that fixed it. Thanks. I had a feeling there was a mix up with the "s and 's. What's with the . s?

The . is a concatenation operator, i.e. it joins two

RE: [PHP] PHP/MySQL noob rides again.. into trouble

2005-12-16 Thread Kilbride, James
@lists.php.net
Subject: Re: [PHP] PHP/MySQL noob rides again.. into trouble

David Grant wrote:
> $SQLQuery = "SELECT * FROM project WHERE projTitle = '" . $HTTP_GET_VARS['projTitle'] . "'";

Yep, that fixed it. Thanks. I had a feeling there was a mix up with the "s and 's. What's with the . s
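
Added example, not code from any poster in this thread: the concatenated `projTitle` query quoted above next to a filtered, parameter-bound version, which is what the data filtering and SQL injection reading at phpsec.org addresses. It assumes PHP with the PDO SQLite driver and uses an in-memory SQLite table in place of the thread's MySQL database; the `summary` column, the function names and the sample rows and titles are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database.
// Only `project` and `projTitle` come from the thread; `summary` and the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE project (projTitle TEXT, summary TEXT)");
$pdo->exec("INSERT INTO project VALUES ('River survey', 'Year 2 field work')");
$pdo->exec("INSERT INTO project VALUES ('O''Brien archive', 'Cataloguing letters')");

// The thread's approach: the request value becomes part of the SQL text,
// so any quote character in it changes the structure of the statement.
function findByConcat(PDO $pdo, string $title): array
{
    $sql = "SELECT * FROM project WHERE projTitle = '" . $title . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: filter the input first, then bind it as a parameter so the
// database treats it as data only, never as SQL.
function findByTitle(PDO $pdo, $title): array
{
    // Data filtering: must be a non-empty string of bounded length
    // (a request like ?projTitle[]=x arrives as an array and is rejected).
    if (!is_string($title) || $title === '' || strlen($title) > 200) {
        return [];
    }
    $stmt = $pdo->prepare(
        'SELECT projTitle, summary FROM project WHERE projTitle = :title'
    );
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values, standing in for $_GET['projTitle'].
$samples = ['River survey', "O'Brien archive", ['not', 'a', 'string']];
foreach ($samples as $title) {
    $label = is_string($title) ? $title : '(array input)';
    try {
        $concat = is_string($title) ? count(findByConcat($pdo, $title)) : 'n/a';
    } catch (PDOException $e) {
        $concat = 'SQL error'; // the apostrophe ended the string literal early
    }
    printf("%-16s concat: %-9s bound: %d\n", $label, $concat, count(findByTitle($pdo, $title)));
}
```

A legitimate title containing an apostrophe is enough to break the concatenated query, while the bound version returns the matching row; values read back from the table still need `htmlspecialchars()` before being written into the results page.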