[Chugalug] Newbie question

Tyler Mittan flashbatmanquestion at gmail.com
Sat Aug 17 15:49:57 UTC 2013


I'm actually glad that this was brought up again. I am trying something new
and was wondering how it looks:

http://pastebin.com/v3XT3PSD

For some reason when I am writing the first stmt it keeps closing the php
syntax and then the rest is showing up on the webpage like it is part of
the html. How can I get it to stop doing that?

When I said that, I was just trying to find the quick fix for his problem.
I later warned him that he would have SQL injection issues with a statement
like that. I just didn't want anyone to get the idea that I wrote that SQL
statement. I was merely pointing out that he was missing the keyword
"VALUES" in his pastebin code.


On Sat, Aug 17, 2013 at 11:24 AM, Dan Lyke <danlyke at flutterby.com> wrote:

> On Fri, 16 Aug 2013 20:18:04 -0400
> Randy Yates <lpcustom at gmail.com> wrote:
> > Tyler, your SQL statement may be failing. Have you tried that
> > statement manually in mysql? You may need to add VALUES like so:
> >
> >    INSERT INTO sedan ( year, make, model, color, price)
> >    values('{$_POST['year']}','{$_POST['make']}', '{$_POST['model']}',
> >    '{$_POST['color']}', '{$_POST['price']}')";
>
> I know nothing about PDO, and am not generally a fan of ORMs, but never
> ever ever do this.
>
> Use bound variables, or make sure that values put into SQL statements
> get properly quoted.
>
> Here's why: http://xkcd.com/327/
>
> Dan
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>



-- 
Google reads my email!
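
The bound-variable approach recommended in the quoted reply, as an added example that is not part of the original thread: the same INSERT on the `sedan` table written as a PDO prepared statement. The in-memory SQLite database, the `insertSedan` helper and the sample form values are assumptions made so the script runs stand-alone.

```php
<?php
// Added example: in-memory SQLite stands in for the poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sedan (year INTEGER, make TEXT, model TEXT, color TEXT, price REAL)');

/**
 * Insert one row with bound parameters. $form stands in for $_POST
 * (hypothetical helper, not code from the thread).
 */
function insertSedan(PDO $pdo, array $form): void
{
    // Reject non-numeric year/price before touching the database.
    $year  = filter_var($form['year'] ?? null, FILTER_VALIDATE_INT);
    $price = filter_var($form['price'] ?? null, FILTER_VALIDATE_FLOAT);
    if ($year === false || $price === false) {
        throw new InvalidArgumentException('year and price must be numeric');
    }

    // The SQL text is fixed; user input travels separately as parameters,
    // so it can never change the structure of the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO sedan (year, make, model, color, price)
         VALUES (:year, :make, :model, :color, :price)'
    );
    $stmt->execute([
        ':year'  => $year,
        ':make'  => (string)($form['make'] ?? ''),
        ':model' => (string)($form['model'] ?? ''),
        ':color' => (string)($form['color'] ?? ''),
        ':price' => $price,
    ]);
}

// Constructed sample input: the "make" field carries a quote and SQL text.
$form = [
    'year'  => '2013',
    'make'  => "Honda'); DROP TABLE sedan; --",
    'model' => 'Accord',
    'color' => 'blue',
    'price' => '21500.00',
];
insertSedan($pdo, $form);

// The table still exists and the hostile string was stored as plain data.
$row = $pdo->query('SELECT COUNT(*) AS n, make FROM sedan')->fetch(PDO::FETCH_ASSOC);
echo "rows: {$row['n']}\nmake: {$row['make']}\n";
```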
