[FX.php List] Basic help

[Troy Meyers]

Andrew, quite right! Simpler is better, but the only problem is that a hacker might (suspecting that method) put:

"bob@*.com

...in as the email address. The " ends the literal and then wildcard works.

-Troy


> Putting the email in double quotes should solve the wildcard issue
> without having to use preg.  This does a field content match (==) on the
> literal text ("").
> 
> $query->AddDBParam('email','=="'.$email.'"');
> 
> Andrew Denman