[dbs] data output (MySql/php)

[Sebastian Mendel]

Ulf Deppert IT Beratung wrote:
> hello,
> 
> proceedings: a .php5 script should be used to read out filmdata from a MySql database over a form-textline (.html page). In that textline letters and numbers are aloud. The form data go with the get-Method and the "application/x-www-form-urlencoded" Coding to the dataviewscript (.php5).
> The dynamic-codepart in the dataviewscript:  
> 
> ("DB111153", "select * from M_Internet where Titel = " . $_POST["Titel"] . " and Hardcore = 'NEIN' ", "block=0","Filme");
> 
> specials: the third party (webspace-provider company) "php.ini" has considerd such security guidelines REGISTER_GLOBALS = "OFF", DEFAULT_CHARSET= "no value" und MAGIC_QUOTES_GPC= "OFF" of the php-group.
> The local access code to the global php variables was reached over an "extract get/ post" include.
> 
> problem: the datavieskript works with the help of the dataview .php code above and that extract include; means: the database give data, if you write numbers in the formtextline. The database don't give data if you write letters in the form textline.
> 
> job: What has to be changed in the programmingof the 'select'-order above or/ and in the Konfigurations above by it films like "Annie Hall" and not only films like "2001" can be viewed ?

Die deutschen Antworten reichen dir wohl nicht?

Abgesehen davon das das hier eine rein deutschsprachige Mailingliste ist!


-- 
Sebastian Mendel

www.sebastianmendel.de
www.sf.net/projects/phpdatetime | www.sf.net/projects/phptimesheet