Re: Using mysql_real_escape_string

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/9/06, Alan Milnes <css@xxxxxxxxxxx> wrote:


      $query = "insert into invw2wcheck (
UNIQUEID    ,
ASSETID   ,
CNF

)
values
(
'$UNIQUEID',
'$ASSETID   ',
'$CNF'

)";



Wrap escaping functions around the values you are sticking in the DB.
Escaping is only needed at the time you are using it because it helps
your data go somewhere.  You don't want to corrupt your data with
escaped values.

$query = "insert into invw2wcheck (
UNIQUEID    ,
ASSETID   ,
CNF
)
values
(
'". mysql_real_escape_string($UNIQUEID) ."',
'". mysql_real_escape_string($ASSETID) ."',
'". mysql_real_escape_string($CNF) ."'
)";

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux