> On Saturday 15 December 2007 18:59:12 Richard Lynch wrote:
> > On Fri, December 14, 2007 11:03 am, Adam Williams wrote:
> > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND
> > > password='%s'",
> > > mysql_real_escape_string($user),
> > > mysql_real_escape_string($password));
> > >
> > > and I understand it uses the %s because of sprintf(), to indicate the
> > > data is a string. However, thats not syntax I'm used to seeing. If I
> > > rewrite the code to the following below, will it return the same
> > > results
> > > or error when queried?
> > >
> > > $user = mysql_real_escape_string($user);
> > > $password = mysql_real_escape_string($password)
> > > $query = "SELECT * FROM users WHERE user='$user' AND
> > > password='$password'";
> >
> > Yes, you will get the same result.
> >
> > You could have run both sets of code to try it faster than I typed
> > this answer.
If the OP was _thinking_ the same thing I was, the question was
actually, "What's the difference and why use one vs the other?" Yeah,
I could run both and see the same result (actually, I did), but don't
understand the _wisdom_ of one choice over the other.
--
RE, Chicago
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
