Re: continue with link to other page
Posted by: Rick James
Date: January 10, 2015 10:32AM
When handing off to another program, you need to escape strings.
For example, in
<td><a href="full_table_row_results.php?ID='.$row['ID'].'">'.$row['ID'].'</td>
The first $row['ID'] needs to be run through urlencode, and not quoted. The second one needs htmlentities. When handing to mysqli, you need real_escape_string:
$s = $handler->real_escape_string($id);
$sql = "SELECT ID, NAAM, CONTACT FROM `table` WHERE ID = '$s'";
Quotes are optional if $id is a number, but beware of "SQL injection". No parentheses. etc.
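The three contexts named in the reply above (URL, HTML, SQL), put together as an added example that is not part of the original post. The helper names render_row() and fetch_row() are hypothetical, the sample rows are constructed, and fetch_row() assumes an open mysqli connection, so the demo loop does not call it.

```php
<?php
// Added example, not code from the forum thread. Column and file names
// follow the post; render_row() and fetch_row() are hypothetical helpers.

// Build one table cell: the same ID is written into two different contexts.
function render_row(array $row): string
{
    $id = (string) $row['ID'];
    // URL query-string context: percent-encode the value, no quotes around it.
    $href = 'full_table_row_results.php?ID=' . urlencode($id);
    // The finished URL sits inside href="...", so entity-encode it as well.
    $href = htmlentities($href, ENT_QUOTES, 'UTF-8');
    // HTML text context: markup characters must display as text.
    $text = htmlentities($id, ENT_QUOTES, 'UTF-8');
    return '<td><a href="' . $href . '">' . $text . '</a></td>';
}

// SQL string-literal context: escape using the connection's character set.
// Not called below because it needs a live connection.
function fetch_row(mysqli $handler, string $id): ?array
{
    $s = $handler->real_escape_string($id);
    $sql = "SELECT ID, NAAM, CONTACT FROM `table` WHERE ID = '$s'";
    $result = $handler->query($sql);
    if ($result === false) {
        return null;
    }
    return $result->fetch_assoc() ?: null;
}

// Constructed sample rows: a plain ID and one made of metacharacters.
$rows = [
    ['ID' => '42'],
    ['ID' => 'a&b "c" <d>\'e'],
];
foreach ($rows as $row) {
    echo render_row($row), "\n";
}
```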