Thanks Michael
Had a look and still can't work out how to apply it to my
code.
My function is:
function check_input($value)
{
// Stripslashes
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote if not a number
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
and I know how to apply the function but this is my recordset
(MX7)
$Category_r_search = "=";
if (isset($_GET['Category'])) {
$Category_r_search = (get_magic_quotes_gpc()) ?
$_GET['Category'] : addslashes($_GET['Category']);
}
$Type_r_search = "=";
if (isset($_GET['Type'])) {
$Type_r_search = (get_magic_quotes_gpc()) ? $_GET['Type'] :
addslashes($_GET['Type']);
}
mysql_select_db($database_config, $config);
$query_r_search = sprintf("SELECT* FROM listing WHERE
listing.status = 'notactive' AND listing.inv_country = 'Australia'
AND (listing.classcatid LIKE '%%%s%%' AND listing.industryid LIKE
'%%%s%%') ORDER BY listing.inv_country ASC",
$Category_r_search,$Type_r_search);
$r_search = mysql_query($query_r_search, $config) or
die(mysql_error());
$row_r_search = mysql_fetch_assoc($r_search);
$totalRows_r_search = mysql_num_rows($r_search);
And this is the url string for the search results:
<a
href="result.php?Category=Freelance&Type=Beauty">Beauty</a>
As I am not using a $Category or $Type how can I get this to
work with the function?
Yes I am echoing out the results but I thought the way you
would use the function would be e.g.
$Category = check_input($_GET['Category']);
But I am not using $Category anywhere and can't see where to.
Hope that makes sense....
2
Replies
AdChoices