Important WebAssist Announcement

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › MySQLi Server Behaviors › MySQLI Server Behaviors General / Announcements › MySQLi query where target from $_GET is a column?

View all replies to this thread

MySQLi query where target from $_GET is a column?

Thread began 3/28/2016 9:20 am by Steve | Last modified 3/28/2016 3:13 pm by Steve | 3098 views | 10 replies

3/28/2016 3:03 pmRay BorduinWebAssist

Yes, you wouldn't be able to use parameters to pass the value because of SQL injection prevention code that is automatically applied as Dave suggests. The solution is to add the code to your SQL statement directly as you have discovered. However this opens your query to SQL injection particularly when using a $_GET variable, so be very careful using this technique and make sure you have other protection on the page such as a login required to prevent abuse.

Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Begin selling online quickly with Cafe Commerce.

Everything else!

►
Text Formatting
- Bold
- Italics
- Underline
- Highlight
- Color
- Size
- Font
►
Insert Element
- Image
- List
- Attachment
►
Insert Link
- Email
- URL
- To Post
- To Thread
►
Block Formatting
- Code
- Note
- Quote
- PHP
- HTML
- Indent
- Ignore Format
Cancel

Uploading file...