On Saturday 15 December 2007 18:59:12 Richard Lynch wrote: > On Fri, December 14, 2007 11:03 am, Adam Williams wrote: > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND > > password='%s'", > > mysql_real_escape_string($user), > > mysql_real_escape_string($password)); > > > > and I understand it uses the %s because of sprintf(), to indicate the > > data is a string. However, thats not syntax I'm used to seeing. If I > > rewrite the code to the following below, will it return the same > > results > > or error when queried? > > > > $user = mysql_real_escape_string($user); > > $password = mysql_real_escape_string($password) > > $query = "SELECT * FROM users WHERE user='$user' AND > > password='$password'"; > > Yes, you will get the same result. > > You could have run both sets of code to try it faster than I typed > this answer. lol, love those comment, but I'm horrible myself, to ask these kind of questions =D > > :-) > > -- > Some people have a "gift" link here. > Know what I want? > I want you to buy a CD from some indie artist. > http://cdbaby.com/from/lynch > Yeah, I get a buck. So? -- --- Børge Holen http://www.arivene.net -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php