From: Jason Pruim <japruim@xxxxxxxxxx>
Here is the relevant code (I think...)
$search = $_GET["search"];
$self = $_SERVER['PHP_SELF'];
$qstring = "SELECT * FROM current WHERE FName like '%$qstring%' or LName
like '%$qstring%' or Add1 like '%$qstring%' or Add2 like '% $qstring%' or
City like '%$qstring%' or State like '%$qstring%' or Zip like '%$qstring%'
or XCode like '%qstring%'";
Perhaps you meant
like '%$search%'
instead of
like '%$qstring%' multiple times?
Also read http://en.wikipedia.org/wiki/SQL_injection
_________________________________________________________________
Gear up for Halo® 3 with free downloads and an exclusive offer.
http://gethalo3gear.com?ocid=SeptemberWLHalo3_MSNHMTxt_1
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
