anyway.



thread: 2006-04-21 : The Marginalia Code

On 2006-04-21, Joshua Kronengold wrote:

Still, dude.

At least use parameterized queries—that sort of stuff is just way too dangerous.

Try something like (I don't know PHP, but this is close enough to perl):

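$qtext = "insert into reminds (entryid, commentid, ondate, initials, linkto, linktext) values (?, ?, ?, ?, ?, ?)";

if ($press == "Submit, Monkey!") {
    // Assumption: $db is an open mysqli connection. The old mysql_query() cannot bind parameters.
    $stmt = mysqli_prepare($db, $qtext) or die(mysqli_error($db));
    // Bind every value to its ? placeholder as a string, so input never becomes part of the SQL text.
    mysqli_stmt_bind_param($stmt, "ssssss", $entry, $comment, $ondate, $initials, $linkto, $linktext);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));

    print "

Success! Sweet, sweet success. Click here.

";
    mysqli_stmt_close($stmt);
}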
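Why the ? placeholders in the comment above matter, shown as an added example that is not part of the original comment or the site's code: it uses Python's sqlite3 with an in-memory database in place of PHP and MySQL so it runs offline. The table layout follows the insert statement above; the function names and sample rows are constructed for illustration.

```python
import sqlite3

COLS = "entryid, commentid, ondate, initials, linkto, linktext"

# Constructed sample rows: one whose last field carries SQL syntax, one with a plain apostrophe.
CRAFTED = ("1", "2", "2006-04-21", "jk", "http://example.org",
           "x'), ('9','9','2006-01-01','zz','http://other.example','forged")
APOSTROPHE = ("1", "2", "2006-04-21", "O'B", "http://example.org", "home")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"create table reminds ({COLS})")
    return db

def insert_concatenated(db, row):
    # Risky pattern: values are pasted into the SQL text, so a quote in any
    # field ends the string literal and the remainder is parsed as SQL.
    values = ", ".join("'%s'" % v for v in row)
    db.execute(f"insert into reminds ({COLS}) values ({values})")

def insert_parameterized(db, row):
    # Placeholders keep the statement fixed; the values travel separately as data.
    db.execute(f"insert into reminds ({COLS}) values (?, ?, ?, ?, ?, ?)", row)

def stored_rows(db):
    return db.execute(f"select {COLS} from reminds").fetchall()

def demo():
    result = {}
    db = make_db()
    insert_concatenated(db, CRAFTED)
    result["concatenated_rows"] = len(stored_rows(db))   # one submission, two rows
    db = make_db()
    insert_parameterized(db, CRAFTED)
    result["parameterized_rows"] = stored_rows(db)       # one row, text kept literally
    try:
        insert_concatenated(make_db(), APOSTROPHE)
        result["apostrophe_ok"] = True
    except sqlite3.OperationalError:
        result["apostrophe_ok"] = False                  # honest input breaks the query
    db = make_db()
    insert_parameterized(db, APOSTROPHE)
    result["apostrophe_initials"] = stored_rows(db)[0][3]
    return result

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```
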



 
