How to send the result of SQL query to a variable (not array)?
#4

[eluser]jedd[/eluser]
[quote author="Sinclair" date="1255921994"]
It is working. Many Thanks!
[/quote]

Very happy to hear that.

Quote: I know I'm exposed to SQL injection. I will solve the problem when the website gets into a more advanced phase.

I'd encourage you to fix it now.

Partly because it's a very good habit to get into. Any number I use in my SQL queries always gets an is_numeric() test run against it first (don't use ctype_digit() - this only works for strings, I discovered).

Partly because this one is so very easy to fix right now, and then you can forget about it.

At the very least, annotate your code using whatever system you have in place - I'm using @todo links that PHPDocumentor catalogues for me - to remind yourself later that this code needs fixing.
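
The numeric check recommended in the post above, shown as an added example that is not code from the thread or from CodeIgniter. It assumes PHP 7.1+ with pdo_sqlite; the `products` table, the `product_name()` function and the sample rows are hypothetical. It goes one step beyond the post by narrowing is_numeric() to whole numbers and binding the value as a parameter.

```php
<?php
// Added example, not code from the thread. Table, column and function
// names are hypothetical; the rows are constructed sample data.

// In-memory SQLite database so the script runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products (id, name) VALUES (1, 'widget'), (2, 'gadget')");

/**
 * Look up one product name by id, or return null.
 * Step 1: the is_numeric() gate from the post rejects anything non-numeric.
 * Step 2: FILTER_VALIDATE_INT narrows that to a whole number, because
 *         is_numeric() also accepts values such as "1.5" and "1e3".
 * Step 3: the id is bound as a parameter, never concatenated into the SQL.
 */
function product_name(PDO $db, $raw_id): ?string
{
    if (!is_numeric($raw_id)) {
        return null;
    }
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed inputs: integer, numeric string, and values that must be refused.
$inputs = [2, '1', '1.5', '1e3', '1 OR 1=1', '', null];
foreach ($inputs as $input) {
    $result = product_name($db, $input);
    printf("%-12s => %s\n", var_export($input, true), $result ?? 'rejected');
}
```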

