PHP forum, your PHP coding community

A community in which webmasters can ask for help with topics such as PHP coding , MySQL , IT jobs, web design, IT security.

Skip to content

database variable

Links for php scripts

Moderators: macek, egami, gesf

Post Reply
User avatar
Redcircle
Moderator
Moderator
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA
Contact:
Contact Redcircle

Re: database variable

Postby Redcircle » Wed Mar 26, 2008 2:36 pm

because $group is not defined in the function you would have to either define it our pass it into the function.

function displayUsers($group){

}

also I'd recommend to escape the string to avoid sql injections. see mysql_real_escape_string
$q = "SELECT username,userlevel,email,group FROM ".TBL_USERS." WHERE user= '".mysql_real_escape_string($group)."'";

unless you know for a fact that $group is sanitized you should use mysql_real_escape_string() on any variable that you have gotten from the user. Trusted or not.
Top
Post Reply

Return to “PHP Scripts”

Who is online

Users browsing this forum: Google [Bot] and 1 guest

Powered by phpBB® Forum Software © phpBB Limited
We recommend mod_ruid2 web hosting , traduzioni rumeno italiano and antispam for cPanel.