
Originally Posted by
Kryptos
Wow so amazing u pro but let me help you with some stuff.
PHP Code:
//global.php
foreach($_POST as $key => $value)
{
$_POST[$key] = mysql_real_escape_string($value);
}
//Some class or anything
public function Example()
{
return (mysql_query("UPDATE table SET row = {$_POST['row']} WHERE id = {$_POST['id']} LIMIT 1")); // All needs filtering, we use a foreach and filter all before touching anything. So pro.
}
Is better than
PHP Code:
public function Example($data)
{
$this->data = $data;
return (mysql_query("UPDATE table SET row = $this->data WHERE id = $id LIMIT 1")); // ID is clearly not inputted by the user, nothing to filter unless you assigned the ID session to a variable and you're retarded and should not be reading this.
}
Is better than
PHP Code:
public function Example($data)
{
$this->data = $data;
return (mysql_query("UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1"));
}
Is better than
PHP Code:
public function Example($data)
{
$this->data = $data;
$sql = "UPDATE table SET row = '".mysql_real_escape_string($data)."' WHERE id = '".mysql_real_escape_string($id)."' LIMIT 1";
return (mysql_query($sql));
}
Sorry if there are any errors, writing PHP in an iPod Touch is not easy.
Thanks,
PHP Code:
//global.php
foreach($_POST as $key => $value)
{
$_POST[$key] = mysql_real_escape_string($value);
}
//Some class or anything
public function Example()
{
return (mysql_query("UPDATE table SET row = {$_POST['row']} WHERE id = {$_POST['id']} LIMIT 1")); // All needs filtering, we use a foreach and filter all before touching anything. So pro.
}
That is the way I have it now.
Greetz,
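Added example, not part of the original posts: the global escaping loop quoted above interpolates values into the query without surrounding quotes, and escaping only neutralises quote and backslash characters, so a numeric field is still parsed as SQL. The sketch below shows that pattern beside a prepared statement. Assumptions: an in-memory SQLite database through PDO (needs pdo_sqlite), `addslashes()` as a stand-in for `mysql_real_escape_string()`, and a hypothetical `items` table with constructed rows and inputs.

```php
<?php
// Constructed data: in-memory SQLite table, hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, val TEXT)");
$db->exec("INSERT INTO items (id, val) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Stand-in for mysql_real_escape_string(): only quote and backslash
// characters are changed, everything else passes through untouched.
function escape_only(string $v): string
{
    return addslashes($v);
}

// Pattern from the thread: escape first, then interpolate the id WITHOUT quotes.
function update_unquoted(PDO $db, string $val, string $id): int
{
    $sql = "UPDATE items SET val = '" . escape_only($val) . "' WHERE id = " . escape_only($id);
    return $db->exec($sql); // number of rows changed
}

// Hardened form: validate the id as an integer and bind both values,
// so input is never parsed as part of the SQL text.
function update_prepared(PDO $db, string $val, string $id): int
{
    if (!ctype_digit($id)) {
        return 0; // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare("UPDATE items SET val = :val WHERE id = :id");
    $stmt->bindValue(':val', $val, PDO::PARAM_STR);
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input with no quotes or backslashes in it.
$crafted = "1 OR 1=1";

echo "escaping changed the input: ";
var_dump(escape_only($crafted) !== $crafted);
echo "unquoted pattern, rows changed: ", update_unquoted($db, 'x', $crafted), "\n";
echo "prepared, crafted id, rows changed: ", update_prepared($db, 'y', $crafted), "\n";
echo "prepared, id 2, rows changed: ", update_prepared($db, 'y', '2'), "\n";
```

The same applies to the legacy `mysql_*` functions in the thread: they were removed in PHP 7, and PDO or mysqli prepared statements are the replacement.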

Originally Posted by
LHaZze
If this CMS isn't free, I'm just going by the text on the layout but.. You're selling a layout that has been designed by Sulake? ..
If you see it that way,
Yes
But I said that I'm not sure if I'm going to sell it, because I see that little payment as a like for the time.
Greetz,