Re: escape your variables

Actually no; you said "You only need to escape data coming from a user going in to your database."

Using a known variable in my app is not going to cause an SQL injection problem.

switch ($value) {
  case 'x':
    $my_field = 1;
  break;
  default:
    $my_field = 0;
}

An insert here with no escaping on $my_field will never cause SQL injection.

--
Postgresql & php tutorials
http://www.designmagick.com/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
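
The pattern the message describes, as an added example that is not part of the original post: a value assigned only from literals inside a switch can be placed in the statement as-is, while the raw input that selected it still goes in as a bound parameter. The `prefs` table, its columns, the `my_field_from()` helper and the sample inputs are hypothetical, and the in-memory SQLite database assumes the pdo_sqlite extension is available.

```php
<?php
// Added example: table, columns, helper name and inputs are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE prefs (raw_value TEXT, my_field INTEGER)');

// Same mapping as the switch in the post. Every path returns a literal,
// and the int return type rejects anything else that might slip in later.
function my_field_from(string $value): int
{
    switch ($value) {
        case 'x':
            return 1;
        default:
            return 0;
    }
}

// Constructed inputs: the expected value and a string containing SQL metacharacters.
$inputs = ['x', "y', 1); --"];

foreach ($inputs as $value) {
    // $my_field is 0 or 1 no matter what $value contained.
    $my_field = my_field_from($value);

    // $my_field is placed directly in the statement, which is safe only
    // because it can never hold anything but those two literals.
    // $value is still user data, so it is bound as a parameter instead.
    $stmt = $pdo->prepare(
        "INSERT INTO prefs (raw_value, my_field) VALUES (:raw_value, $my_field)"
    );
    $stmt->execute([':raw_value' => $value]);
}

// Both rows are stored intact: the second input is kept as plain text.
foreach ($pdo->query('SELECT raw_value, my_field FROM prefs') as $row) {
    printf("%-15s => %d\n", $row['raw_value'], $row['my_field']);
}
```

The guarantee depends on every branch of the switch, including `default`, assigning a literal; if a later change lets any part of `$value` flow into `$my_field`, it has to become a bound parameter as well.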

