Need to Secure my code

WhatsGoingOn

Can someone please help me secure the following code? I want to rewrite it so it will work on a server with Global variables off

if($searchby == "Car") {$_REQUEST["var1"] = "CarA";} //where CarA is column name in table
if($searchby == "Van") {$_REQUEST["var1"] = "VanA";} //where VanA is column name in table


if($_REQUEST["var2"]){
$var2temp = "$var2";
}

if($_REQUEST["var2temp"]){
$var2 = "$var2temp%";
}

if(!($_REQUEST["var1"])){
$var1 = "VanA";
}

$result = mysql_query("SELECT * FROM vehicles WHERE vehicles.$var1 LIKE '$var2' ORDER BY Type ASC",$dbase);

Thanks.

laserlight

Use $POST, $GET and/or $_REQUEST.

For example, $searchby might be re-written as $_GET['searchby'], but you should check it first with [man]isset/man or [man]empty/man

WhatsGoingOn

My apologies, I posted the wrong code. The code above is the feeble attempt I made to secure it that didn't work. Here is my original code with no attempt made:

if($searchby == "Car") {$var1 = "CarA";} //where CarA is column name in table
if($searchby == "Van") {$var1 = "VanA";} //where VanA is column name in table


if($var2){
$var2temp = "$var2";
}

if($var2temp){
$var2 = "$var2temp%";
}

if(!($var1)){
$var1 = "VanA";
}

$result = mysql_query("SELECT * FROM vehicles WHERE vehicles.$var1 LIKE '$var2' ORDER BY Type ASC",$dbase);