On Thu, 2007-01-18 at 20:46 +0100, Jochem Maas wrote:
> Németh Zoltán wrote:
> > On Thu, 2007-01-18 at 02:04 -0800, pub wrote:
> >> On Jan 18, 2007, at 2:00 AM, Németh Zoltán wrote:
> >>
> 
> 
> ...
> 
> > maybe you should use a parameter for it, place it into the link in the
> > first query loop, get it here and query based on it
> > 
> > like "SELECT * FROM job WHERE id={$_GET['job_id']}" or whatever
> 
> SQL INJECTION WAITING TO HAPPEN.

true, sorry
so check the value first

greets
Zoltán Németh

> 
> 
> ...
> 
> >>    foreach($row as $url)
> >>            {
> >>            $row = mysql_fetch_array($result2,MYSQL_ASSOC);
> >>            if ("url={$row['url']}")
> 
> what is this IF statement supposed to be doing???
> because it will always evaluate to true

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
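
The "check the value first" advice from this thread, written out as an added example that is not part of the original messages: the `job_id` request value is accepted only if it is a positive integer and is then bound as a parameter rather than interpolated into the SQL string. It uses PDO with an in-memory SQLite database instead of the `mysql_*` calls seen in the thread; the helper name `fetch_job`, the `title` column and the sample rows are assumptions made for illustration.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE job (id INTEGER PRIMARY KEY, title TEXT, url TEXT)');
$pdo->exec("INSERT INTO job (id, title, url) VALUES
    (1, 'First job',  'http://example.com/1'),
    (2, 'Second job', 'http://example.com/2')");

/**
 * Hypothetical helper: return the job row for a raw request value, or null
 * when the value is not a positive integer or no such job exists.
 */
function fetch_job(PDO $pdo, $raw): ?array
{
    // Check the value first: only a whole positive integer passes.
    // Arrays (job_id[]=2), empty strings and null all fail this filter.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // Bind the value; the SQL text itself never contains request data.
    $stmt = $pdo->prepare('SELECT id, title, url FROM job WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed stand-ins for what $_GET['job_id'] ?? null could hold.
$samples = ['2', '2 OR 1=1', '', '-5', '2.0', '99', null, ['2']];

foreach ($samples as $raw) {
    $row = fetch_job($pdo, $raw);
    echo json_encode($raw), ' => ',
        ($row === null ? 'rejected or not found' : $row['title']), "\n";
}
```

In a page handler the call would be `fetch_job($pdo, $_GET['job_id'] ?? null)`, with a null result answered by a 404 or an error page rather than by running the query anyway.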
