NYCPHP Meetup

[nycphp-talk] Is there something wrong with this SQL query in PHP?

Carlos A Hoyos cahoyos at us.ibm.com
Tue Aug 14 15:37:12 EDT 2007


> I have been staring at this for about a week and it is turning into
> a mind bender.  Here is the code excerpt:


I'm sure you'll get plenty of comments on not directly passing a posted
variable to your query, as you're app is open to sql injection, so I'll
leave it at that.

On quick inspection, function mysql_fetch_assoc only takes one parameter...
this might be a problem. mysql_fetch_assoc

If not, you can try echoing the whole query (echo $query).. that way you'll
know what command is being passed to mysql... run it on the command line
and see if it is returning anything.

Carlos Hoyos






More information about the talk mailing list