Correct coding syntax

01-14-2010, 07:55 AM
I have used the code below with success. However, it has been some time since I did any coding and now this piece of code does not work. I believe it is because Register Globals are now by default set to off???

Can anyone show me the correct way to write this now?

Many thanks for the help.

include ('config.php');
$sql = "SELECT * FROM pages WHERE page_href = '$page_name' order by page_id";
$class = mysql_query($sql, $conn);
while($row = mysql_fetch_object($class))

$sql8 = "SELECT * FROM templates where tmp_code='$temptype'";
$class8 = mysql_query($sql8, $conn);

include ("$template");



01-14-2010, 08:21 AM
Change this

to this

And where is $page_name coming from? Is it something like index.php?page_name=blah?

If that is the case you have a major security hole in your code. It is open to SQL injection.

01-14-2010, 08:23 AM
$page_name is a field name from the database table. So yes, it is like index.php?page_name=

01-14-2010, 11:21 AM
You should never do that because then you are open to MySQL injection. Google it for more info.

It is basically a method where hackers could take control of your site.

Instead, you should use

01-14-2010, 01:02 PM
I wouldn't recommend it, but you could just use the extract function with $_REQUEST to extract all the data the way register globals did. I would seriously recommend that you do some research into SQL injection and prevention methods. Take a look at the Added Bytes website for information on PHP security.
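
Added example, not part of the original thread: the lookup from the first post with the request value read explicitly from $_GET (register_globals off) and bound through a PDO prepared statement instead of being interpolated into the SQL string. The in-memory SQLite data, the tmp_code column on pages, the tmp_file column, the templates directory and the resolve_template() helper are assumptions made for illustration.

```php
<?php
// Constructed schema and rows in an in-memory SQLite database so the script
// runs offline. Against MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pages (page_id INTEGER, page_href TEXT, tmp_code TEXT)");
$db->exec("CREATE TABLE templates (tmp_code TEXT, tmp_file TEXT)");
$db->exec("INSERT INTO pages VALUES (1, 'home', 'std')");
$db->exec("INSERT INTO templates VALUES ('std', 'standard.php')");

// Hypothetical helper: resolve a page name to the template file to include.
function resolve_template(PDO $db, $pageName, $templateDir)
{
    // page_name[]=x arrives as an array, so accept non-empty strings only.
    if (!is_string($pageName) || $pageName === '') {
        return null;
    }
    // The placeholder keeps the value out of the SQL text; quotes in it are data.
    $stmt = $db->prepare(
        'SELECT t.tmp_file FROM pages p
           JOIN templates t ON t.tmp_code = p.tmp_code
          WHERE p.page_href = :href ORDER BY p.page_id'
    );
    $stmt->execute([':href' => $pageName]);
    $file = $stmt->fetchColumn();
    if ($file === false) {
        return null; // unknown page: the caller should send a 404
    }
    // basename() drops any directory part before the include path is built.
    return $templateDir . '/' . basename($file);
}

// With register_globals off, the parameter is read explicitly from $_GET.
$pageName = isset($_GET['page_name']) ? $_GET['page_name'] : 'home';
$dir = __DIR__ . '/templates';

// A known page, then a constructed value containing quotes that matches no row.
var_dump(resolve_template($db, $pageName, $dir));
var_dump(resolve_template($db, "home' OR '1'='1", $dir));
```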