Re: help on gtk with mysql.

How about something like:

char *sql = g_strdup_printf ("INSERT INTO test(id) VALUES('%s')", p);
doSQL (sql);
g_free (sql);

You also want to check that the user entry is valid and doesn't
contain things like quotes. Otherwise some joker could enter something

'); update person set salary=100000 where id=1234; insert into test(id) values('a

into your entry box and whoopee, hack your database.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]