06-02-2011, 07:03 AM   #9
core1024
The Wanderer
 
Join Date: May 2010
Posts: 19

<input type="text" name="ORDERING_DEPT" />
appears twice. Not sure if it is on purpose, but you should be careful with this.

SELECT ORDER_DESC FROM orders WHERE ORDER_DESC = 'CSF','LFT'
This should be
SELECT ORDER_DESC FROM orders WHERE ORDER_DESC LIKE '%CSF%' AND ORDER_DESC LIKE '%LFT%'
or, if you are completely sure of the content,
SELECT ORDER_DESC FROM orders WHERE ORDER_DESC = 'CSF, LFT'
The second variant is faster, but the content has to be an exact match.

You should always validate your POST/GET data. If, for example, someone enters anything containing a quote, there is a big chance it will break your inserts. You can just do $_POST['ORDERING_DEPT'] = mysql_real_escape_string($_POST['ORDERING_DEPT']); and so on...
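The two points in the post above, the LIKE-versus-exact-match query and what an unescaped quote does to a string-built statement, as an added, runnable example that is not part of the original thread. It uses Python's built-in sqlite3 as an offline stand-in for MySQL (the `orders` table and its rows are constructed here), and it binds parameters instead of calling mysql_real_escape_string; that is a substitution on my part, not the poster's method (the mysql_* extension the post relies on was removed in PHP 7, and bound parameters are what mysqli/PDO offer in its place). The function names are mine.

```python
import sqlite3

# Constructed sample rows (not from the original thread): ORDER_DESC holds
# comma-separated department codes, as in the poster's 'CSF, LFT' example.
SAMPLE_ROWS = [
    ("CSF, LFT",),
    ("LFT, CSF",),
    ("CSF",),
    ("LFT",),
    ("CSF, LFT, FBC",),
]


def make_db():
    """Build an in-memory SQLite database shaped like the thread's 'orders' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (ORDER_DESC TEXT)")
    conn.executemany("INSERT INTO orders (ORDER_DESC) VALUES (?)", SAMPLE_ROWS)
    return conn


def find_both_like(conn, a, b):
    """Rows that mention both codes, in any order or position (the LIKE variant)."""
    cur = conn.execute(
        "SELECT ORDER_DESC FROM orders WHERE ORDER_DESC LIKE ? AND ORDER_DESC LIKE ?",
        ("%" + a + "%", "%" + b + "%"),
    )
    return [r[0] for r in cur]


def find_exact(conn, desc):
    """Rows whose description is exactly the given string (faster, but strict)."""
    cur = conn.execute("SELECT ORDER_DESC FROM orders WHERE ORDER_DESC = ?", (desc,))
    return [r[0] for r in cur]


def find_unsafe(conn, dept):
    """Deliberately vulnerable: the request value is pasted into the SQL text."""
    sql = "SELECT ORDER_DESC FROM orders WHERE ORDER_DESC = '" + dept + "'"
    return [r[0] for r in conn.execute(sql)]


def find_safe(conn, dept):
    """Same query with a bound parameter: the driver keeps the value as data."""
    cur = conn.execute("SELECT ORDER_DESC FROM orders WHERE ORDER_DESC = ?", (dept,))
    return [r[0] for r in cur]


def insert_unsafe(conn, dept):
    """Deliberately vulnerable INSERT. Returns False when a quote in the input
    breaks the statement, which is the failure the post warns about."""
    sql = "INSERT INTO orders (ORDER_DESC) VALUES ('" + dept + "')"
    try:
        conn.execute(sql)
        return True
    except sqlite3.OperationalError:
        return False


def insert_safe(conn, dept):
    """Bound-parameter INSERT: a quote in the value is stored, not parsed."""
    conn.execute("INSERT INTO orders (ORDER_DESC) VALUES (?)", (dept,))
    return True


if __name__ == "__main__":
    db = make_db()
    print("LIKE both:", find_both_like(db, "CSF", "LFT"))
    print("exact    :", find_exact(db, "CSF, LFT"))
    # A quote in the input changes the meaning of the string-built query...
    print("unsafe   :", find_unsafe(db, "' OR '1'='1"))
    # ...but is just a value once it is bound.
    print("safe     :", find_safe(db, "' OR '1'='1"))
    print("unsafe insert ok:", insert_unsafe(db, "O'Brien"))
    print("safe insert ok  :", insert_safe(db, "O'Brien"))
```

Note that SQLite escapes a quote inside a string as `''` while MySQL's mysql_real_escape_string backslash-escapes, so an escaping call is always tied to one database's syntax; bound parameters sidestep that difference entirely. Also, LIKE '%CSF%' is a substring match, so a code that is a substring of another code would match too.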