appdb/include db.php

WineHQ wineowner at wine.codeweavers.com
Tue Jul 4 01:19:06 CDT 2006


ChangeSet ID:	26193
CVSROOT:	/opt/cvs-commit
Module name:	appdb
Changes by:	wineowner at winehq.org	2006/07/04 01:19:06

Modified files:
	include        : db.php 

Log message:
	Chris Morgan <cmorgan at alum.wpi.edu>
	query_parameters() usage example and the rule that all variables should be passed as parameters

Patch: http://cvs.winehq.org/patch.py?id=26193

Old revision  New revision  Changes     Path
 1.17          1.18          +8 -0       appdb/include/db.php

Index: appdb/include/db.php
diff -u -p appdb/include/db.php:1.17 appdb/include/db.php:1.18
--- appdb/include/db.php:1.17	4 Jul 2006  6:19: 6 -0000
+++ appdb/include/db.php	4 Jul 2006  6:19: 6 -0000
@@ -36,6 +36,14 @@ function query_appdb($sQuery,$sComment="
  * Values are mysql_real_escape_string()'d to prevent against injection attacks
  * See http://php.net/mysql_real_escape_string for more information about why this is the case
  *
+ * Usage:
+ *  $hResult = query_parameters("Select * from mytable where userid = '?'",
+ *                            $iUserId);
+ *
+ * Note:
+ *   Ensure that all variables are passed as parameters to query_parameters()
+ *   to ensure that sql injection attacks are prevented against
+ *
  */
 function query_parameters()
 {
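Review bot: The Note added to the docblock of query_parameters() tells callers to pass every variable as a parameter, but it never says that each ? has to sit inside quotes in the query text, which the Usage line only shows implicitly with userid = '?'. The existing header says values are mysql_real_escape_string()'d, and escaping only neutralises characters that would break out of a quoted string. If the escaped value is substituted as-is, a caller who writes userid = ? for an integer such as $iUserId gets no protection from it. Suggest adding to the Note that placeholders must always be quoted, or that numeric values must be cast or validated before they are passed. The wording "Ensure that ... to ensure that ... prevented against" could also be tightened to something like "Pass all variables as parameters to query_parameters() to prevent SQL injection".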


