On Sep 24, 2004, at 1:08 PM, Moonlight Embrace wrote:
> I'm using this line in searchengine.php
> mysql_query("INSERT INTO wsearch (usersearch) VALUES ('".$_REQUEST['search']."')") or die(mysql_error());
> However, I'm confused as to where to put it; either I get just search queries and not the "go"s, or I get a No Database Selected error.
Rather than mysql_query directly, try the wfQuery() wrapper function; this will make sure the database connection is set up before sending the query.
Also, as written you're open to SQL injection attacks. Never stick strings directly into SQL; wrap them in an escaping function (e.g. the wfStrencode() wrapper function).
-- brion vibber (brion @ pobox.com)
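
Added example, not part of the original message or of MediaWiki's code: the quoted INSERT beside an escaped and a bound-parameter version. PDO with an in-memory SQLite database and PDO::quote() are stand-ins chosen so the script runs without MediaWiki (quote() takes the place of wfStrencode() here); the function names and sample inputs are constructed for illustration.

```php
<?php
// In-memory SQLite via PDO stands in for the wiki's MySQL connection
// (assumption made so the script runs on its own).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wsearch (usersearch TEXT)');

// Same shape as the quoted line: the raw string is pasted into the SQL text.
function logSearchUnsafe(PDO $db, string $search): void {
    $db->exec("INSERT INTO wsearch (usersearch) VALUES ('" . $search . "')");
}

// Escaped form: PDO::quote() plays the role wfStrencode() plays in the reply.
// Unlike a bare escaper, quote() also adds the surrounding quotes itself.
function logSearchEscaped(PDO $db, string $search): void {
    $db->exec('INSERT INTO wsearch (usersearch) VALUES (' . $db->quote($search) . ')');
}

// Bound parameter: the value never becomes part of the SQL text at all.
function logSearchBound(PDO $db, string $search): void {
    $stmt = $db->prepare('INSERT INTO wsearch (usersearch) VALUES (:s)');
    $stmt->execute([':s' => $search]);
}

function countSearches(PDO $db): int {
    return (int) $db->query('SELECT COUNT(*) FROM wsearch')->fetchColumn();
}

// Constructed sample inputs.
$plain   = "rock 'n' roll";  // ordinary search that happens to contain quotes
$crafted = "a'), ('b";       // closes the string literal and changes the statement

try {
    logSearchUnsafe($db, $plain);
} catch (PDOException $e) {
    echo "unsafe, plain input: statement rejected as malformed SQL\n";
}
logSearchUnsafe($db, $crafted);
echo "unsafe, crafted input: ", countSearches($db), " row(s) stored from one search\n";

$db->exec('DELETE FROM wsearch');
logSearchEscaped($db, $plain);
logSearchEscaped($db, $crafted);
logSearchBound($db, $crafted);
echo "escaped/bound: ", countSearches($db), " row(s) stored from three searches\n";
```

With the unsafe function, an everyday search term is enough to break the statement, and the crafted one changes how many rows a single request writes; the escaped and bound versions store each input as exactly one literal value.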