Submitted by elias (not verified) on Tue, 2004-11-23 03:10.
Sure, this code is a step beyond the worst code, but it's still
stupid. Like freedimension said, there is no default value. Also, the author uses @ to suppress PHP errors instead of checking the input
correctly. That makes clear the author isn't familiar with PHP or
security. The bunch of echos emphasizes that.
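Here's my suggestion:
// Check that each field was submitted before reading it, instead of suppressing notices with @.
$vote = isset($_POST['vote']) && $_POST['vote'] == '1';
// The (int) cast means only an integer can reach the query.
$punkt = isset($_POST['bewertung']) ? (int) $_POST['bewertung'] : 0;
// Accept ratings from 1 to 10 only.
if ($vote === true && $punkt > 0 && $punkt < 11)
{
    // $repID is not set in this snippet; it comes from the surrounding script.
    mysql_query("INSERT INTO bewertung(repID,punkte) VALUES ('$repID','$punkt')");
}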