Using POST information in mySQL queries
Simple question, probably takes a rather simple answer, but I haven't
found anything online about it. I'm working on an Android app that needs
to access a mySQL cloud database. To this end, I'm creating a PHP
webservice to interface the two (as well as provide an extra layer of
protection for the mySQl credentials). The issue is that I"m using a POST
method to send variables to the queries to tell them what operations to
do, such as:
$db->query("DROP TABLE {$_POST[table]}");
The issue is that when I try to send values for something like an INSERT
statement, I need to use quotes around the strings. Unfortunately, the
UTF-8 encoding turns all the quotes into escaped quotes. What should I do
to fix this?
No comments:
Post a Comment