ChangeSet ID: 26193
CVSROOT: /opt/cvs-commit
Module name: appdb
Changes by: wineowner@winehq.org 2006/07/04 01:19:06
Modified files: include : db.php
Log message: Chris Morgan cmorgan@alum.wpi.edu query_parameters() usage example and the rule that all variables should be passed as parameters
Patch: http://cvs.winehq.org/patch.py?id=26193
Old revision  New revision  Changes  Path
1.17          1.18          +8 -0    appdb/include/db.php
Index: appdb/include/db.php diff -u -p appdb/include/db.php:1.17 appdb/include/db.php:1.18 --- appdb/include/db.php:1.17 4 Jul 2006 6:19: 6 -0000 +++ appdb/include/db.php 4 Jul 2006 6:19: 6 -0000 @@ -36,6 +36,14 @@ function query_appdb($sQuery,$sComment=" * Values are mysql_real_escape_string()'d to prevent against injection attacks * See http://php.net/mysql_real_escape_string for more information about why this is the case * + * Usage: + * $hResult = query_parameters("Select * from mytable where userid = '?'", + * $iUserId); + * + * Note: + * Ensure that all variables are passed as parameters to query_parameters() + * to ensure that sql injection attacks are prevented against + * */ function query_parameters() {
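Review bot: the last sentence of the added Note block trails off ("to ensure that sql injection attacks are prevented against") and doubles up on "Ensure ... to ensure"; suggest "Pass every variable to query_parameters() as a parameter so that SQL injection is prevented." The Usage block should also say explicitly that the placeholder has to stay quoted in the SQL text ('?'), since the comment above states that values are passed through mysql_real_escape_string(), which escapes the value but does not add the surrounding quotes; escaping alone does not make an unquoted placeholder safe, so a reader who copies the example without the quotes loses the protection the Note promises.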