On Fri, 2007-12-14 at 11:03 -0600, Adam Williams wrote:
> Thanks for all the replies everyone. I have a question on
> mysql_real_escape_string(). The PHP example page shows:
>
> $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
> mysql_real_escape_string($user),
> mysql_real_escape_string($password));
>
> and I understand it uses the %s because of sprintf(), to indicate the
> data is a string. However, thats not syntax I'm used to seeing. If I
> rewrite the code to the following below, will it return the same results
> or error when queried?
>
> $user = mysql_real_escape_string($user);
> $password = mysql_real_escape_string($password)
> $query = "SELECT * FROM users WHERE user='$user' AND password='$password'";
They are just strings. They are equivalent. You can test by assigning
the first construction technique to $query1 and then the second to
$query2 and comparing.
Cheers,
Rob.
--
...........................................................
SwarmBuy.com - http://www.swarmbuy.com
Leveraging the buying power of the masses!
...........................................................
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
