On Wed, Nov 09, 2005 at 11:21:36PM -0000, Ross wrote:
>
> What is the correct syntax for
>
> $query = "SELECT * FROM login where username='$_POST['username']' AND pass
> ='$_POST['pass']'";
>
<?php
if (get_magic_quotes_gpc()) {
$_POST['username'] = stripslashes($_POST['username']);
$_POST['pass'] = stripslashes($_POST['pass']);
}
/* where dbdriver is mysql[_real] or pg, etc.. */
$username = dbdriver_escape_string($_POST['username']);
$pass = dbdriver_escape_string($pass);
$query = "SELECT * FROM login
WHERE username = '$username' AND pass = '$pass'";
Curt.
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
