Hey I have managed to get it

kht — Fri, 13 Feb 2009 16:22:24 +0000

Hey I have managed to get it all working, thanks for the help, it turns out there was an error in my SQL code, although by basically rewriting it I have lost a few lines of code, and I will also look into the escape string fucntion, thanks for your help guys!!

Paul

One of the ways to escape

pr0gr4mm3r — Fri, 13 Feb 2009 15:19:03 +0000

One of the ways to escape the data is to use the mysql_real_escape_string() function. The PHP manual page for that function does explain SQL injection a bit and practices to protect against it.

Thanks for the help Shaggy,

kht — Fri, 13 Feb 2009 14:45:47 +0000

Thanks for the help Shaggy, although it seems to not be working still.

Also, could you further explain what you meant by:

Also, it'd be a great idea to validate and escape $_POST['vid'] string to avoid SQL injection vulnerabilities.

I am very new to php, i.e. this is the first thing I have ever written in it.

Thanks for your help

Paul

$information is a pointer to

Shaggy — Thu, 12 Feb 2009 18:04:53 +0000

$information is a pointer to a result set, it isn't the results yet.

You'll need to:

$row = mysql_fetch_assoc($information);

Then you can:
echo $row['name'];
etc.

Also, it'd be a great idea to validate and escape $_POST['vid'] string to avoid SQL injection vulnerabilities.

Cheers,
Shaggy