Flourish PHP Unframework
This is an archived copy of the forum for reference purposes

fRequest::get()

posted by mohdshakeel77 8 years ago

HTML CODE

<form name="test" action="">
    <input type="text" name="uname" />
    <input type="submit" name="submit" />
</form>

PHP code

$uname = fRequest::get('uname');
$db->query("select * FROM member where uname='".$uname."'");

It gives an error when $uname = xyz'x (it always gives an error with values containing single quotes).

MySQL error (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near string_0x:string_1ssss' at line 2) in SELECT * FROM member WHERE uname=:string_1ssss'

Use %s for strings in the query, for example:

$db->query('SELECT * FROM member WHERE uname = %s', $uname);

Read the doc here: http://flourishlib.com/docs/fDatabase#EscapingDataSecurity

posted by jmtucu 8 years ago
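
The difference between the concatenated query in the question and the placeholder form in the answer, as an added example that is not part of the original thread and is not Flourish code. PDO with an in-memory SQLite database stands in for fDatabase and MySQL (an assumption, so it runs without either), the `?` bound parameter plays the role of `%s`, and the function names and sample rows are constructed.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for fDatabase and MySQL.
// Table and column names follow the thread; the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (id INTEGER PRIMARY KEY, uname TEXT)');
$pdo->exec("INSERT INTO member (uname) VALUES ('xyz''x'), ('alice')");

// Before: the value is pasted into the SQL text, so a quote inside it
// ends the string literal early and the rest is parsed as SQL.
function find_concatenated(PDO $pdo, string $uname): array
{
    $sql = "SELECT id, uname FROM member WHERE uname='" . $uname . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the value travels separately as a
// bound parameter, so its content can never alter the statement.
function find_bound(PDO $pdo, string $uname): array
{
    $stmt = $pdo->prepare('SELECT id, uname FROM member WHERE uname = ?');
    $stmt->execute([$uname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The second value is the one from the question.
foreach (['alice', "xyz'x"] as $uname) {
    try {
        $rows = find_concatenated($pdo, $uname);
        printf("concatenated %-6s -> %d row(s)\n", $uname, count($rows));
    } catch (PDOException $e) {
        printf("concatenated %-6s -> SQL error: %s\n", $uname, $e->getMessage());
    }
    $rows = find_bound($pdo, $uname);
    printf("bound        %-6s -> %d row(s)\n", $uname, count($rows));
}
```

The syntax error in the question is the visible symptom of request data being parsed as SQL; passing the value through a placeholder removes both the error and the injection path.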