From: chris allen [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 03, 2002 10:01 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Query from POST_VARS
>
> Question on a mysql insert query:
>
> while(list($key, $val) = each($HTTP_POST_VAR
In my opinion, you should always single quote everything, including numerics. Why?
Say you have a:
$sql = "Delete from table where id=$id";
where id is expected to be numeric.
What if the variable id ends up containing:
7 or id>0
So the sql would end up as
$sql = "Delete from table where id=
ty tyler :)
saves a bunch of time.
w00t!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
From what I've experienced, you're correct.
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com
- Original Message -
From: "chris allen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 2:00 PM
Question on a mysql insert query:
while(list($key, $val) = each($HTTP_POST_VARS)) {
$string .= "'". $val ."'" .",";
}
$insert_query = "insert into data_16 values ('$string')";
Do I need the single quotes for data being pu
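
The two queries discussed in this thread, as an added example that is not part of any poster's message: the INSERT built with placeholders instead of hand-quoted values, and the DELETE run once with the id concatenated into the SQL and once validated and bound. PDO with an in-memory SQLite database stands in for the thread's MySQL, and the `name`/`note` columns and the sample values are constructed for illustration.

```php
<?php
// Added example: PDO + in-memory SQLite is an assumption standing in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Hypothetical column layout; the thread does not show the real data_16 schema.
$db->exec('CREATE TABLE data_16 (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Constructed sample input standing in for $HTTP_POST_VARS.
$post = ['name' => "O'Brien", 'note' => 'first, second'];

// INSERT: one "?" per posted value. The values travel separately from the
// SQL text, so an apostrophe or comma cannot change the statement's shape.
function insert_row(PDO $db, array $values): void {
    $marks = implode(',', array_fill(0, count($values), '?'));
    $stmt = $db->prepare("INSERT INTO data_16 (name, note) VALUES ($marks)");
    $stmt->execute(array_values($values));
}

// DELETE as written in the thread: $id is pasted into the SQL text.
function delete_concat(PDO $db, string $id): int {
    return $db->exec("DELETE FROM data_16 WHERE id=$id");
}

// DELETE with the id validated as an integer and bound as a parameter.
function delete_bound(PDO $db, string $id): int {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return 0; // not an integer: reject instead of running a query
    }
    $stmt = $db->prepare('DELETE FROM data_16 WHERE id = ?');
    $stmt->bindValue(1, $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

for ($i = 0; $i < 3; $i++) {
    insert_row($db, $post);
}
$id = '7 or id>0'; // the value used in the thread

// The bound version rejects the value; the concatenated one matches every row.
echo 'bound:  ', delete_bound($db, $id), " rows deleted\n";
echo 'concat: ', delete_concat($db, $id), " rows deleted\n";
```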