[FX.php List] Basic help

Gjermund Gusland Thorsen ggt667 at gmail.com
Wed May 28 13:20:19 MDT 2008


Strip off the asterisk from the environmental variable before the query;
it's as simple as that.

ggt

2008/5/28 Troy Meyers <tcmeyers at troymeyers.com>:
> Andrew, quite right! Simpler is better, but the only problem is that a hacker might (suspecting that method) put:
>
> "bob@*.com
>
> ...in as the email address. The " ends the literal and then the wildcard works.
>
> -Troy
>
>
>> Putting the email in double quotes should solve the wildcard issue
>> without having to use preg.  This does a field content match (==) on the
>> literal text ("").
>>
>> $query->AddDBParam('email','=="'.$email.'"');
>>
>> Andrew Denman
>
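The input handling discussed in this thread, as an added example that is not from any poster or from FX.php itself: it rejects a value containing the asterisk or the double quote instead of silently stripping them, then wraps the value in the `=="..."` literal match. The helper name `fm_email_criterion`, the length limit and the sample inputs are constructed for illustration; only `AddDBParam` and the `=="..."` criterion come from the thread.

```php
<?php
declare(strict_types=1);

// Characters the thread identifies as dangerous inside the criterion:
// '*' is a wildcard, '"' closes the literal opened by =="...".
// Assumption: extend this list to cover any other find operators your
// database version treats specially.
const FORBIDDEN_IN_LITERAL = ['*', '"'];

/**
 * Hypothetical helper (not part of FX.php): returns the exact-match
 * criterion for $email, or throws if the value could alter the search.
 */
function fm_email_criterion(string $email): string
{
    $email = trim($email);
    if ($email === '' || strlen($email) > 254) {
        throw new InvalidArgumentException('email empty or too long');
    }
    foreach (FORBIDDEN_IN_LITERAL as $ch) {
        if (strpos($email, $ch) !== false) {
            throw new InvalidArgumentException('email contains a search operator');
        }
    }
    // Reject control characters (including CR/LF) as well.
    if (preg_match('/[\x00-\x1F\x7F]/', $email) === 1) {
        throw new InvalidArgumentException('email contains control characters');
    }
    return '=="' . $email . '"';
}

// Constructed sample inputs, including the one quoted in the thread.
$samples = ['bob@example.com', '"bob@*.com', 'bob@*.com'];
foreach ($samples as $input) {
    try {
        $criterion = fm_email_criterion($input);
        // With FX.php this is the value passed on:
        //   $query->AddDBParam('email', $criterion);
        echo "accepted: $criterion\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: $input ({$e->getMessage()})\n";
    }
}
```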

