Re: how to handle inserting special characters into a mysql field

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Saturday 15 December 2007 18:59:12 Richard Lynch wrote:
> > On Fri, December 14, 2007 11:03 am, Adam Williams wrote:
> > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND
> > > password='%s'",
> > >             mysql_real_escape_string($user),
> > >             mysql_real_escape_string($password));
> > >
> > > and I understand it uses the %s because of sprintf(), to indicate the
> > > data is a string.  However, thats not syntax I'm used to seeing.  If I
> > > rewrite the code to the following below, will it return the same
> > > results
> > > or error when queried?
> > >
> > > $user = mysql_real_escape_string($user);
> > > $password = mysql_real_escape_string($password)
> > > $query = "SELECT * FROM users WHERE user='$user' AND
> > > password='$password'";
> >
> > Yes, you will get the same result.
> >
> > You could have run both sets of code to try it faster than I typed
> > this answer.

If the OP was _thinking_ the same thing I was, the question was
actually, "What's the difference and why use one vs the other?" Yeah,
I could run both and see the same result (actually, I did), but don't
understand the _wisdom_ of one choice over the other.
-- 
RE, Chicago

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux