>From: Jason Pruim <japruim@raoset.com>
>Here is the relevant code (I think...)
>
>$search = $_GET["search"];
>$self = $_SERVER['PHP_SELF'];
>$qstring = "SELECT * FROM current WHERE FName like '%$qstring%' or LName
>like '%$qstring%' or Add1 like '%$qstring%' or Add2 like '% $qstring%' or
>City like '%$qstring%' or State like '%$qstring%' or Zip like '%$qstring%'
>or XCode like '%qstring%'";
Perhaps you meant
like '%$search%'
instead of
like '%$qstring%' multiple times?
Also read
http://en.wikipedia.org/wiki/SQL_injection
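The search from the quoted code, written with bound parameters instead of string interpolation, as an added example that is not part of the original thread. It assumes PDO with the SQLite driver and a constructed in-memory table; the function name `searchCurrent` and the sample rows are hypothetical, and the column names are the ones in the quoted query.

```php
<?php
// Added example: constructed in-memory SQLite table standing in for the
// poster's `current` table (assumption: pdo_sqlite is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "current" (FName TEXT, LName TEXT, Add1 TEXT,
            Add2 TEXT, City TEXT, State TEXT, Zip TEXT, XCode TEXT)');
$ins = $pdo->prepare('INSERT INTO "current" VALUES (?,?,?,?,?,?,?,?)');
// Constructed sample rows.
$ins->execute(['Ann', 'Smith', '1 Main St', '', 'Holland', 'MI', '49423', 'A1']);
$ins->execute(['Bob', "O'Neil", '2 Oak Ave', 'Apt 5', 'Zeeland', 'MI', '49464', 'B2']);

// Hypothetical helper: search every column for $search as a literal substring.
function searchCurrent(PDO $pdo, string $search): array
{
    // Escape the LIKE wildcards (and the escape character itself) so that
    // "%" or "_" typed by the user match literally. '!' is the escape char.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $search);
    $pattern = '%' . $literal . '%';

    $cols = ['FName', 'LName', 'Add1', 'Add2', 'City', 'State', 'Zip', 'XCode'];
    $where = [];
    $params = [];
    foreach ($cols as $i => $col) {
        // One uniquely named placeholder per column: some drivers reject
        // reusing the same named placeholder in a native prepared statement.
        $where[] = "$col LIKE :p$i ESCAPE '!'";
        $params[":p$i"] = $pattern;
    }

    // Only fixed column names are concatenated; user input is bound as data.
    $sql = 'SELECT * FROM "current" WHERE ' . implode(' OR ', $where);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain term, a value containing a quote, an
// injection-style string, and a bare LIKE wildcard.
foreach (['Smith', "O'Neil", "x' OR '1'='1", '%'] as $term) {
    printf("%-15s => %d row(s)\n", $term, count(searchCurrent($pdo, $term)));
}
```

In a page handler the `$search` argument would come from `$_GET["search"]`; the bound parameter keeps quotes in that value from changing the structure of the query.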