appdb/include db.php
WineHQ
wineowner at wine.codeweavers.com
Tue Jul 4 01:19:06 CDT 2006
ChangeSet ID: 26193
CVSROOT: /opt/cvs-commit
Module name: appdb
Changes by: wineowner at winehq.org 2006/07/04 01:19:06
Modified files:
include : db.php
Log message:
Chris Morgan <cmorgan at alum.wpi.edu>
query_parameters() usage example and the rule that all variables should be passed as parameters
Patch: http://cvs.winehq.org/patch.py?id=26193
Old revision New revision Changes Path
1.17 1.18 +8 -0 appdb/include/db.php
Index: appdb/include/db.php
diff -u -p appdb/include/db.php:1.17 appdb/include/db.php:1.18
--- appdb/include/db.php:1.17 4 Jul 2006 6:19: 6 -0000
+++ appdb/include/db.php 4 Jul 2006 6:19: 6 -0000
@@ -36,6 +36,14 @@ function query_appdb($sQuery,$sComment="
* Values are mysql_real_escape_string()'d to prevent against injection attacks
* See http://php.net/mysql_real_escape_string for more information about why this is the case
*
+ * Usage:
+ * $hResult = query_parameters("Select * from mytable where userid = '?'",
+ * $iUserId);
+ *
+ * Note:
+ * Ensure that all variables are passed as parameters to query_parameters()
+ * to ensure that sql injection attacks are prevented against
+ *
*/
function query_parameters()
{
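Review bot: The Note added to the doc comment tells callers to pass every variable as a parameter, but it does not say that the placeholder must stay inside single quotes as the Usage line shows with `userid = '?'`. The comment just above states that values are only mysql_real_escape_string()'d, and that escaping protects a value only when it lands inside a quoted string literal; a caller who writes `where userid = ?` for a numeric column such as $iUserId would still be passing unescaped-in-effect input into the query. Consider extending the Note to say that every `?` must be written as `'?'`, that numeric values should additionally be validated or cast before being passed, and that table or column names cannot be made safe by passing them as parameters. As a wording point, "to ensure that sql injection attacks are prevented against" would read better as "so that SQL injection is prevented".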