""Eric Butera"" <eric.butera@xxxxxxxxx> wrote in message news:6a8639eb0901140825h1d603d01i3ffcce919dca6ad1@xxxxxxxxxxxxxxxxx > On Wed, Jan 14, 2009 at 11:17 AM, MikeP <mpeloso@xxxxxxxxxxxxx> wrote: >> Hello, >> I am trying to get the following to work: >> "Select Netid from Users where Netid = '$_SESSION[phpCAS][user]'" >> Netid is a string type. >> No matter where of if I put the quotes, I still get array[phpCAS] not the >> value. >> If there is anything I still have trouble with after all these years its >> quoting variables. >> Help? >> Thanks >> Mike >> >> >> >> -- >> PHP General Mailing List (http://www.php.net/) >> To unsubscribe, visit: http://www.php.net/unsub.php >> >> > > Dude we just helped you with this same exact thing the other day. And > you're still allowing SQL injection. No, actually I test my querys first and then wrap them in mysql_real_escape_string(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
