thread: 2006-04-21 : The Marginalia Code
On 2006-04-21, Joshua Kronengold wrote:
Still, dude.
At least use parameterized queries—that sort of stuff is just way too dangerous.
Try something like (I don't know PHP, but this is close enough to Perl):
// Placeholders keep the submitted values out of the SQL text; the driver sends them separately.
$qtext = "insert into reminds (entryid, commentid, ondate, initials, linkto, linktext) values (?, ?, ?, ?, ?, ?)";
if ($press == "Submit, Monkey!") {
    $stmt = $db->prepare($qtext) or die($db->error);   // $db: an open mysqli connection
    // One type letter per placeholder; "s" binds each value as a string (adjust to match the column types).
    $stmt->bind_param("ssssss", $entry, $comment, $ondate, $initials, $linkto, $linktext);
    $stmt->execute() or die($stmt->error);
    print "
Success! Sweet, sweet success. Click here.
";
    $stmt->close();   // an INSERT returns no result set, so there is nothing to free
}
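To show concretely why the thread's advice matters, here is an added example (not code from the thread or its author) that carries the same insert into Python with sqlite3, which runs offline and uses the same `?` placeholder syntax as the reply above. The table layout mirrors the `reminds` columns named in the post; the column types and the sample rows are constructed for the demonstration. It runs the string-spliced version and the parameterized version on the same row and reports what each one stores.

```python
import sqlite3

# Constructed schema modelled on the thread's "reminds" table (column types are assumed).
SCHEMA = """
CREATE TABLE reminds (
    entryid INTEGER, commentid INTEGER, ondate TEXT,
    initials TEXT, linkto TEXT, linktext TEXT
)
"""

COLUMNS = "insert into reminds (entryid, commentid, ondate, initials, linkto, linktext) "


def fresh_db():
    """Open an empty in-memory database with the sample table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def insert_concatenated(db, row):
    """The pattern the thread warns against: values spliced straight into the SQL text."""
    sql = COLUMNS + "values (%s, %s, '%s', '%s', '%s', '%s')" % row
    db.execute(sql)
    db.commit()


def insert_parameterized(db, row):
    """The fix: placeholders in the SQL, values handed to the driver separately."""
    sql = COLUMNS + "values (?, ?, ?, ?, ?, ?)"
    db.execute(sql, row)
    db.commit()


def stored_linktext(db, entryid):
    """Read back the linktext column for one entry (itself parameterized)."""
    return [r[0] for r in db.execute("select linktext from reminds where entryid = ?", (entryid,))]


def compare(row):
    """Run both insert styles on the same row.

    Returns a pair (concatenated_outcome, parameterized_outcome); each outcome is
    either the list of stored linktext values or a string naming the error raised.
    """
    outcomes = []
    for insert in (insert_concatenated, insert_parameterized):
        db = fresh_db()
        try:
            insert(db, row)
            outcomes.append(stored_linktext(db, row[0]))
        except sqlite3.Error as e:
            outcomes.append("error: " + type(e).__name__)
        finally:
            db.close()
    return tuple(outcomes)


if __name__ == "__main__":
    # A perfectly ordinary value with an apostrophe is enough to break the spliced query,
    # because the quote character changes the shape of the SQL statement itself.
    row = (1, 2, "2006-04-21", "JK", "http://example.invalid/", "Joshua's reply")
    print(compare(row))   # the first element is an error, the second is ["Joshua's reply"]
```

The spliced version fails on the first apostrophe because the database parses the value as part of the statement; the parameterized version stores it verbatim because the value never becomes SQL. That same property is what blocks injection: whatever the submitted text contains, it can only ever be data.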