 85242 |
 35212 |
|
|
||
|
|
|||||||
| Welcome to the Exploding Garrmondo Weiner Interactive Swiss Army Penis. |
|
GFF is a community of gaming and music enthusiasts. We have a team of dedicated moderators, constant member-organized activities, and plenty of custom features, including our unique journal system. If this is your first visit, be sure to check out the FAQ or our GFWiki. You will have to register before you can post. Membership is completely free (and gets rid of the pesky advertisement unit underneath this message).
|
 |
|
|
Thread Tools |
  Member 5 Level 45.31 Feb 2006 
|
It's $_POST, not $S_POST.
Also, always scrub your variables without fail, otherwise you're a ripe target for SQL injection. Whether there's a text box or any form of editable input does not matter. People can manually craft POST parameters, place form elements using local javascript, etc. Another note about the difference between double quotes and single quotes: if you use single quotes around a string, PHP will NOT insert variable values. In other words, if you have Code:
$variable = 'test'; $string = 'This is a $variable'; echo $string; Code:
This is a $variable Put double quotes instead: Code:
$string = "This is a $variable"; Jam it back in, in the dark.
Last edited by Bigblah; Dec 31, 2009 at 01:36 AM.
|
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Questions from a complete noob about ripping ... | Dark Rubes | Behind the Music | 7 | Jan 8, 2007 03:25 AM |
Bigblah