Thanks for all the replies everyone. I have a question on
mysql_real_escape_string(). The PHP example page shows:
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
and I understand it uses the %s because of sprintf(), to indicate the
data is a string. However, thats not syntax I'm used to seeing. If I
rewrite the code to the following below, will it return the same results
or error when queried?
$user = mysql_real_escape_string($user);
$password = mysql_real_escape_string($password)
$query = "SELECT * FROM users WHERE user='$user' AND password='$password'";
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
