MySQL Query PHP

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • Posts: 3422
  • Loc: Richland, WA

Post 3+ Months Ago

What format do you use when inserting variables into your queries?
  • Bigwebmaster
  • Site Admin
  • Posts: 9090
  • Loc: Seattle, WA & Phoenix, AZ

Post 3+ Months Ago

Are the variables from what users entered, or are they something you have hardcoded? If you are taking values from users, first they must be sanitized, and then I would normally do something like:

PHP Code:
$sql = 'SELECT * FROM SOMETABLE
        WHERE tablevariable = ' . $somevar . '
        AND anothertablevar = ' . $anothervar;
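
The concatenated query from the reply above, next to a bound-parameter version, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for MySQL, integer columns, constructed sample rows, and a hypothetical `require_int()` helper.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for
// MySQL (assumption) so it runs offline; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE SOMETABLE (tablevariable INTEGER, anothertablevar INTEGER)');
$pdo->exec('INSERT INTO SOMETABLE VALUES (1, 10), (2, 20), (3, 30)');

// The concatenated form from the post: the values become part of the SQL text.
function find_concat(PDO $pdo, string $somevar, string $anothervar): array
{
    $sql = 'SELECT * FROM SOMETABLE
            WHERE tablevariable = ' . $somevar . '
            AND anothertablevar = ' . $anothervar;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical helper: accept only a well-formed integer, reject anything else.
function require_int(string $value): int
{
    $int = filter_var($value, FILTER_VALIDATE_INT);
    if ($int === false) {
        throw new InvalidArgumentException('not an integer');
    }
    return $int;
}

// Bound parameters: the SQL text is fixed and the values travel separately.
function find_bound(PDO $pdo, string $somevar, string $anothervar): array
{
    $stmt = $pdo->prepare('SELECT * FROM SOMETABLE
                           WHERE tablevariable = :somevar
                           AND anothertablevar = :anothervar');
    $stmt->bindValue(':somevar', require_int($somevar), PDO::PARAM_INT);
    $stmt->bindValue(':anothervar', require_int($anothervar), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one ordinary pair, one where the second value carries SQL.
foreach ([['1', '10'], ['1', '10 OR 1=1']] as [$a, $b]) {
    printf("input (%s, %s): concatenated query returns %d row(s)\n",
        $a, $b, count(find_concat($pdo, $a, $b)));
    try {
        printf("  bound query returns %d row(s)\n", count(find_bound($pdo, $a, $b)));
    } catch (InvalidArgumentException $e) {
        printf("  bound query not run: %s\n", $e->getMessage());
    }
}
```

With the second input, the concatenated query's WHERE clause is rewritten by the value itself, while the bound version rejects the value before any SQL runs.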


© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.