ChangeSet ID: 26193 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner(a)winehq.org 2006/07/04 01:19:06 Modified files: include : db.php Log message: Chris Morgan <cmorgan(a)alum.wpi.edu> query_parameters() usage example and the rule that all variables should be passed as parameters Patch: http://cvs.winehq.org/patch.py?id=26193 Old revision New revision Changes Path 1.17 1.18 +8 -0 appdb/include/db.php
Index: appdb/include/db.php
diff -u -p appdb/include/db.php:1.17 appdb/include/db.php:1.18
--- appdb/include/db.php:1.17 4 Jul 2006 6:19: 6 -0000
+++ appdb/include/db.php 4 Jul 2006 6:19: 6 -0000
@@ -36,6 +36,14 @@ function query_appdb($sQuery,$sComment="
 * Values are mysql_real_escape_string()'d to prevent against injection attacks
 * See http://php.net/mysql_real_escape_string for more information about why this is the case
 *
+ * Usage:
+ * $hResult = query_parameters("Select * from mytable where userid = '?'",
+ * $iUserId);
+ *
+ * Note:
+ * Ensure that all variables are passed as parameters to query_parameters()
+ * to ensure that sql injection attacks are prevented against
+ *
 */
 function query_parameters() {