claunia/qemudb
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

query_parameters() usage example and the rule that all variables should be passed as parameters

Browse Source
This commit is contained in:
Chris Morgan
2006-07-04 06:19:06 +00:00
committed by WineHQ
parent fad9278013
commit 1366e5fba1
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
include/db.php
View File

@@ -36,6 +36,14 @@ function query_appdb($sQuery,$sComment="")
* Values are mysql_real_escape_string()'d to prevent against injection attacks * Values are mysql_real_escape_string()'d to prevent against injection attacks
* See http://php.net/mysql_real_escape_string for more information about why this is the case * See http://php.net/mysql_real_escape_string for more information about why this is the case
* *
* Usage:
* $hResult = query_parameters("Select * from mytable where userid = '?'",
* $iUserId);
*
* Note:
* Ensure that all variables are passed as parameters to query_parameters()
* to ensure that sql injection attacks are prevented against
*
*/ */
function query_parameters() function query_parameters()
{ {