
simple php variable question

Hope someone can help me

I have declared the variable

 <?php $sitename = "http://" .$_SERVER["SERVER_NAME"]; ?>

and would like to use the variable in a mysql query:

$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = "echo $sitename" AND g_page_url = '/index.asp'";

How do I do the "echo $sitename" part? thanks


$sitename = "http://" .$_SERVER["SERVER_NAME"];
$sitename = mysql_real_escape_string($sitename);
$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '" . $sitename . "' AND g_page_url = '/index.asp'";


$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '". mysql_real_escape_string($sitename) . "' AND g_page_url = '/index.asp'";

Two things to pull away from this:

  1. You don't want to echo a variable "into" a sql query, this just doesn't make sense. You want to concatenate the variable with the rest of the string with the "." operator.

  2. You ALWAYS want to sanitize your input when inserting something into a database. In this case you want to escape your string to prevent SQL injections.
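
An added example, not part of the original answers: the same lookup done with a PDO prepared statement, next to the concatenated form, to show how a quote in the value changes the statement in one case and is treated as data in the other. It goes beyond the escaping shown above (the mysql_* extension was removed in PHP 7.0). The in-memory SQLite table, the helper names and the sample host values are constructed for the demo and assume the pdo_sqlite extension is enabled.

```php
<?php
// Added example: constructed schema and rows, in-memory SQLite so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE g_page (g_page_site TEXT, g_page_url TEXT, title TEXT)");
$pdo->exec("INSERT INTO g_page VALUES
    ('http://example.com', '/index.asp', 'Example home'),
    ('http://other.example', '/index.asp', 'Other site home')");

// Hypothetical helper: the value is bound as a parameter, never spliced into SQL.
function find_main_page(PDO $pdo, string $serverName): array
{
    $stmt = $pdo->prepare(
        "SELECT title FROM g_page WHERE g_page_site = :site AND g_page_url = :url"
    );
    $stmt->execute([':site' => 'http://' . $serverName, ':url' => '/index.asp']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: plain concatenation with no escaping, kept only for contrast.
function find_main_page_concat(PDO $pdo, string $serverName): array
{
    $sql = "SELECT title FROM g_page WHERE g_page_site = 'http://" . $serverName
         . "' AND g_page_url = '/index.asp'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs. SERVER_NAME can reflect the client's Host header,
// depending on web server configuration, so it is treated as untrusted here.
$inputs = [
    'normal host' => 'example.com',
    'host with a quote' => "x' OR '1'='1' --",
];

foreach ($inputs as $label => $serverName) {
    echo $label, "\n";
    echo '  concatenated: ', json_encode(find_main_page_concat($pdo, $serverName)), "\n";
    echo '  bound:        ', json_encode(find_main_page($pdo, $serverName)), "\n";
}
```

For the second input the concatenated query matches every row in the table, while the bound query matches none because the whole string is compared as a site name.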


$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '".$sitename."' AND g_page_url = '/index.asp'";


$query_rs_main = "SELECT * FROM g_page WHERE g_page_site = '$sitename' AND g_page_url = '/index.asp'";
