On Wed, November 9, 2005 5:21 pm, Ross wrote:
> $query = "SELECT * FROM login where username='$_POST['username']' AND
> pass
> ='$_POST['pass']'";
In addition to the fine posts regarding SQL Injection and curly
braces, I'd like to provide one other alternative heretofore
unmentioned:
$query = "SELECT * FROM login where username = '$_POST[username]' AND
pass = '$_POST[pass]'";
PHP is happy to interpolate arrays within quotes, but only if you do
NOT quote the index.
"{$array['key']}" -- good, after PHP 4.?.?
"$array[key]" -- good
"$array['key']" -- bad
--
Like Music?
http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
