Re: Dynamic DB query - form display

I'm aware it would be a security hole if it were available to all users, but it's just for me at the mo; other users get a watered-down version with just check boxes. I basically want to allow flexible filtering of a set of data but obviously this poses a few challenges. Any ideas always welcome!

Thanks for the tip by the way, I ended up doing the following:

$field = stripslashes(htmlentities($field,ENT_QUOTES));

Adrian

David Grant wrote:

Hi Adrian,

This appears to be a security hole, but since that wasn't the reason for
the question, please try:

echo"<input type='text' value='" . htmlentities($clause, ENT_QUOTES) . "'>";

php.net/htmlentities

Cheers,

David Grant

Adrian Bruce wrote:
Hi

I am trying to dynamically create a query based on form input for an
intranet. I have a text input that allows a user to input part of a
where clause such as  - not like '04%' - . This bit works fine but I
would like to display the clause back in the form field when the page
reloads.
$clause = "not like '04%'";
echo"<input type='text' value='$clause'>";

Now obviously I hit a problem with the use of the quotation marks ' ' and just see - not like \ - in the form field. I need to keep the '
marks around the 04% for the query.  Any ideas how I can do this?

Any help much appreciated!

Adrian



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
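
Added example, not code from the thread: one way to close the security hole David mentions while keeping flexible filtering, by accepting only an allowlisted operator plus a quoted value, binding the value as a parameter, and escaping with htmlentities() only when the clause is echoed back into the form. The `jobs` table, `code` column, sample rows and the `parse_filter()` helper are assumptions made for illustration; it assumes PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
// Added example: names, table and rows below are constructed for illustration.

// Operators the form may use, mapped to fixed SQL fragments.
const ALLOWED_OPS = [
    'like'     => 'LIKE',
    'not like' => 'NOT LIKE',
    '='        => '=',
    '!='       => '<>',
];

// Parse input such as:  not like '04%'
// Returns [sqlOperator, value], or null if the input is not an allowed filter.
function parse_filter(string $input): ?array
{
    $ops = implode('|', array_map(fn($op) => preg_quote($op, '/'), array_keys(ALLOWED_OPS)));
    if (!preg_match("/^\\s*($ops)\\s*'([^']*)'\\s*\$/i", $input, $m)) {
        return null;
    }
    return [ALLOWED_OPS[strtolower($m[1])], $m[2]];
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE jobs (code TEXT)");
$pdo->exec("INSERT INTO jobs VALUES ('0401'), ('0512'), ('0499')");

$input  = "not like '04%'";   // what the user typed into the form field
$filter = parse_filter($input);
if ($filter === null) {
    exit("Unsupported filter\n");
}
[$op, $value] = $filter;

// $op comes from the fixed table and $value is bound as a parameter,
// so no user-supplied text is concatenated into the SQL string.
$stmt = $pdo->prepare("SELECT code FROM jobs WHERE code $op ?");
$stmt->execute([$value]);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));

// Redisplay: keep the raw input for parsing and escape only at output time.
echo '<input type="text" name="clause" value="'
    . htmlentities($input, ENT_QUOTES, 'UTF-8') . '">' . "\n";
```

Input that does not match the operator-plus-quoted-value shape is rejected rather than passed to the database.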

