However, when I call the function thus in my content.php page:
$sel_subject = get_subject_by_id($sel_subj);
I get the following error:
DatabaSe query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1
Now, I know the error is being generated by the confirm_query function I have, and I know that if I comment out the above function call I don't get the error... so I believe I must have messed up in the SQL syntax (as per the error report). However, I've checked it all over and I can't see the problem. I've even copy-pasted the text from the exercise file so I know it's correct. Any ideas?
I am using an up-to-date version of XAMPP and the video was put together in 2007. Could it be a change of syntax? I've tried removing the LIMIT 1 call but I still get an error.
Msg#: 4536920 posted 7:40 am on Jan 18, 2013 (gmt 0)
The vast majority of tutorials out there blatantly ignore security issues - actually I've yet to see the first one that's not specifically teaching security to show the right way to do things. So remember that you're likely being taught how to handle a gun without any gun safety instructions at all.
That said, using the mysql interface is obsolete; it is replaced by mysqli (note the i). When learning things, I'd consider skipping mysql and moving to mysqli immediately. That way you gain access to prepared statements and can solve security issues much more effectively than by trying to escape it all.
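As an added illustration of the mysqli prepared-statement approach recommended in the reply above (not code from the thread or from the tutorial): a version of get_subject_by_id that validates the id and binds it as a parameter, so the SQL text stays fixed whatever value arrives. The table name `subjects`, the column `id`, the `subj` request parameter and the connection details are assumptions.

```php
<?php
// Added example. Assumed names: table `subjects`, column `id`,
// request parameter `subj`, and placeholder connection details.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Fetch one subject row by id, or null if the id is invalid or not found.
 */
function get_subject_by_id(mysqli $db, $subject_id)
{
    // Reject missing, empty or non-integer ids before touching the database.
    // With string concatenation, an empty value would leave a hole in the
    // SQL text; here it never reaches the query at all.
    $id = filter_var($subject_id, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The statement text is constant; the id travels separately as data.
    $stmt = $db->prepare('SELECT * FROM subjects WHERE id = ? LIMIT 1');
    $stmt->bind_param('i', $id);          // 'i' = bind as integer
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    $stmt->close();

    return $row ?: null;
}

// Placeholder credentials: replace with your own.
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$db->set_charset('utf8');

// Hypothetical source of the id; it may be absent from the request.
$sel_subj = isset($_GET['subj']) ? $_GET['subj'] : null;

$sel_subject = get_subject_by_id($db, $sel_subj);
if ($sel_subject === null) {
    echo 'No subject selected or subject not found.';
} else {
    echo 'Loaded subject #' . (int) $sel_subject['id'];
}
```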