sharkapult
/* assume $name is user data culled from a POSTed HTML form... */
$query = "SELECT * FROM customers WHERE lastname = '" . $name ."';"
$result = mysql_query($query);
Construct a simple PHP edit that will catch malformed (malicious?) POST/GET data in $name.
I guess I'm simply confused...
I'm under the impression that I'm supposed to edit the above code, but the wording confuses me. Odds are I won't hear back from the teacher until Monday, and it's due Wednesday...but any insight might be helpful.
My guess is it has something to do with the "' . $name .'";", with the first thing striking my attention being the fact that the ; is inside the last ". I would think it should be:
$query = "SELECT * FROM customers WHERE lastname = '" . $name ."'"; if we actually are supposed to edit the above line.
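One way to do what the assignment asks, as an added example that is not part of the original post or the assignment: check $name against an allowlist before it is used, and bind it as a query parameter instead of concatenating it into the SQL string. It uses PDO with an in-memory SQLite table (pdo_sqlite assumed available) so it runs stand-alone; the 40-character limit, the allowed character set, the table contents and the sample inputs are assumptions.

```php
<?php
// Added example, not the assignment's code. The length limit, the allowed
// character set and the in-memory SQLite table are assumptions.

// Return the trimmed name if it looks like a surname, otherwise null.
function validate_lastname($raw): ?string
{
    if (!is_string($raw)) {          // e.g. name[]=x arrives as an array
        return null;
    }
    $name = trim($raw);
    // Letters, combining marks, space, apostrophe, period, hyphen; 1 to 40 chars.
    if (!preg_match("/^[\\p{L}\\p{M} '.\\-]{1,40}$/u", $name)) {
        return null;
    }
    return $name;
}

// Look up customers with a bound parameter, so the value is never parsed as SQL.
function find_customers(PDO $db, string $lastname): array
{
    $stmt = $db->prepare('SELECT id, lastname FROM customers WHERE lastname = :lastname');
    $stmt->execute([':lastname' => $lastname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data standing in for the customers table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, lastname TEXT)');
$db->exec("INSERT INTO customers (lastname) VALUES ('Smith'), ('O''Brien')");

// Constructed inputs standing in for $_POST['name'].
$samples = ['Smith', "O'Brien", "x' OR '1'='1", ['Smith'], ''];

foreach ($samples as $raw) {
    $name = validate_lastname($raw);
    if ($name === null) {
        echo 'rejected: ', json_encode($raw), "\n";
        continue;
    }
    $rows = find_customers($db, $name);
    echo 'accepted: ', $name, ' -> ', count($rows), " row(s)\n";
}

// O'Brien passes validation because apostrophes are legitimate in surnames;
// the bound parameter is what keeps it from ending the string literal.
```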