On Fri, December 14, 2007 11:03 am, Adam Williams wrote:
> $query = sprintf("SELECT * FROM users WHERE user='%s' AND
> password='%s'",
> mysql_real_escape_string($user),
> mysql_real_escape_string($password));
>
> and I understand it uses the %s because of sprintf(), to indicate the
> data is a string. However, thats not syntax I'm used to seeing. If I
> rewrite the code to the following below, will it return the same
> results
> or error when queried?
>
> $user = mysql_real_escape_string($user);
> $password = mysql_real_escape_string($password)
> $query = "SELECT * FROM users WHERE user='$user' AND
> password='$password'";
Yes, you will get the same result.
You could have run both sets of code to try it faster than I typed
this answer.
:-)
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
