A preco by to podla teba neslo neslo? As far as I know, ak php parser narazi na taketo nieco:
$foo = BAR;
najskor skontroluje ci BAR nie je definovana konstanta. Kedze asi nie je (co prepokladame), PHP automaticky urobi konverziu a bude postupovat dalej, ako keby BAR bola definovana ako retazcova konstatna 'BAR' (viac info: http://sk2.php.net/manual/en/language.types.array.php#language.types.array.foo-bar -- "It works because PHP automatically converts a bare string (an unquoted string which does not correspond to any known symbol) into a string which contains the bare string. For instance, if there is no defined constant named bar, then PHP will substitute in the string 'bar' and use that."). Samozrejme, hovoriac o cistote programovania, toto urcite nie je bezpecny sposob, ale funguje!
Apropos, najinteligentnejsi sposob ako zapisat spominany query je pouzit operator . (bodka - spajanie retazcov):
mysql_query("SELECT xyz FROM zyx WHERE something LIKE '" . $_GET['somewhat']);
Názor k článku
PHP pro experty: bezpečnost
Janci (neregistrovaný)
12. 8. 2004 16:17
