yes,
both of yours make the same result too, and are clean :-)
and I wonder what the best way is to put queries into PHP code...

here's a more complicated sample:

$a=addslashes($a);
$b=addslashes($b);
$c=addslashes($c);
if( $another_table ) { $another_table=','.$another_table; }
$query = "select abc,def,ghi
from table1,table2 $another_table
where abc='$a' and def='$b' and ghi='$c' ";

and I prefer the following, because I often confuse PHP variables with columns:

if( $another_table ) { $another_table=','.$another_table; }
$query = sprintf(
'select abc,def,ghi
from table1,table2 %s
where abc="%s" and def="%s" and ghi="%s"',
$another_table,
addslashes($a), addslashes($b), addslashes($c)
);

but I think the latter loses some good PHP features...
so, does anyone have a good idea?

[EMAIL PROTECTED] wrote:
> how about
>
> $location = addslashes($location);
> $query = "select shoodID from shoots where location = '$location'";
>
> or
>
> $query = "select shoodID from shoots where location = '".
> addslashes($location) ."'";
>
>
> Both are 'clean' :)
--
PHP General Mailing List (http://www.php.net/)
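
For comparison with the addslashes() and sprintf() variants in this thread, here is an added example (not code from either poster) that binds the three values as PDO statement parameters and checks the optional extra table against an allow-list, since a table name is an identifier and cannot be bound. The names table1, table2, abc, def and ghi come from the message; find_rows, EXTRA_TABLES, table3, the schema, the sample rows and the use of in-memory SQLite are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Added example, not from the thread. table3, the schema and the rows are constructed.
const EXTRA_TABLES = ['table3']; // identifiers cannot be bound, so allow-list them

function find_rows(PDO $db, string $a, string $b, string $c, ?string $another_table = null): array
{
    $from = 'table1, table2';
    if ($another_table !== null) {
        if (!in_array($another_table, EXTRA_TABLES, true)) {
            throw new InvalidArgumentException('unexpected table name');
        }
        $from .= ', ' . $another_table;
    }
    // Named placeholders keep PHP variables and column names visibly apart.
    $stmt = $db->prepare(
        "select abc, def, ghi
           from $from
          where abc = :a and def = :b and ghi = :c"
    );
    $stmt->execute([':a' => $a, ':b' => $b, ':c' => $c]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:'); // SQLite only so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ([
    "create table table1 (abc text, def text)",
    "create table table2 (ghi text)",
    "create table table3 (jkl text)",
    "insert into table1 values ('O''Brien', 'x')",
    "insert into table2 values ('y')",
    "insert into table3 values ('z')",
] as $sql) {
    $db->exec($sql);
}

// The quote in the value travels as data; no addslashes() call is involved.
print_r(find_rows($db, "O'Brien", 'x', 'y'));
print_r(find_rows($db, "O'Brien", 'x', 'y', 'table3'));

try {
    find_rows($db, "O'Brien", 'x', 'y', 'table9'); // not on the allow-list
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```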