In article <[EMAIL PROTECTED]>, Philip Olson wrote:
> One thing to remember is mysql_query() will execute just one (the first)
> query so use of ; won't do anything in the above except break the
> query.

If I'm not mistaken, newer versions of MySQL do allow multiple queries.

> (once) and put single quotes around the criteria ($name) and life will be
> grand. Quotes around numerical values won't hurt (such as id = '$id')
> although it's not required. If you choose not to do that then be sure
> it's numerical before use (like cast it as an int, or check
> is_numeric(), etc. ...). Some people check for ';' in the request
> variable and if found yell at the user, that can be fun. bugs.php.net
> does this.

Or use prepared statements with mysqli

--
Tim Van Wassenhove <http://home.mysth.be/~timvw>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
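
An added example, not part of the original thread: it compares the numeric checks mentioned above on constructed request values and shows a mysqli prepared statement for the same lookup. The `users` table, its `id` and `name` columns, and the helper names `parse_id()` and `find_user_name()` are assumptions made for illustration; the caller supplies the database connection.

```php
<?php
// Added example. Table/column names (users, id, name) and both helper
// names are hypothetical; they do not come from the thread.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly

// Strict integer check. Unlike is_numeric(), this rejects "1e3" and "1.5";
// unlike an (int) cast, it rejects "5 OR 1=1" instead of truncating it to 5.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement: the SQL text is fixed and the value is bound
// separately, so quoting and ';' in the input cannot change the query.
function find_user_name(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM users WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($name);
    $found = $stmt->fetch();   // true on a row, null when there is none
    $stmt->close();
    return $found ? $name : null;
}

// Constructed request values, run offline to compare the three checks.
$samples = ['42', '1e3', '1.5', '5 OR 1=1', '7; SELECT 1'];
printf("%-14s %-11s %-6s %s\n", 'input', 'is_numeric', '(int)', 'parse_id');
foreach ($samples as $raw) {
    printf("%-14s %-11s %-6d %s\n",
        $raw,
        var_export(is_numeric($raw), true),
        (int) $raw,
        var_export(parse_id($raw), true));
}

// With a live connection (credentials are the caller's), the lookup is:
//   $id = parse_id($_GET['id'] ?? '');
//   if ($id === null) { http_response_code(400); exit; }
//   $name = find_user_name($db, $id);
```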