Re: Inserting NULL Integer Values

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Oliver Grätz wrote:
Shaun schrieb:

$qid = mysql_query('INSERT INTO MYTABLE (
                               column1,
                               column2,
                              ) VALUES (
                               "'.$value1.'",
                               "'.$value2.'"
                              )');


A bit off-topic but important: Always make sure that you check the
contents of $value1 and $value2 before putting them into the query!
With

$value1 = 'xyz","xyz"); DELETE FROM MYTABLE;';

you might get surprising results!

This is called SQL injection and it's important to escape all the values
before putting them into the statement.


Did you try that? This doesn't work on my machine:

mysql_query("DELETE FROM mytable; DELETE FROM mytable;");

ie, mysql extension won't let me do more than one statement at a time.

--

   Open source PHP code generator for DB operations
   http://sourceforge.net/projects/bfrcg/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux