MySQL Query PHP

  • SpooF
  • ٩๏̯͡๏۶
  • Bronze Member
  • Joined: May 22, 2004
  • Posts: 3415
  • Loc: Richland, WA
  • Status: Offline

Post January 30th, 2010, 3:01 pm

What format do you use when inserting variables into your queries?
#define NULL (::rand() % 2)
  • Bigwebmaster
  • Site Admin
  • Joined: Dec 20, 2002
  • Posts: 8926
  • Loc: Seattle, WA & Phoenix, AZ
  • Status: Offline

Post January 30th, 2010, 4:51 pm

Are the variables from what users entered, or are they something you have hardcoded? If you are taking values from users, first they must be sanitized, and then I would normally do something like:

PHP Code:
$sql = 'SELECT * FROM SOMETABLE
        WHERE tablevariable = ' . $somevar . '
        AND anothertablevar = ' . $anothervar;
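A parameterized alternative to the concatenated query in the reply above, as an added example that is not part of the original posts: it runs the same lookup both ways so the difference in how the value is treated is visible. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, the function names `findConcatenated` and `findPrepared` and the sample rows are constructed for illustration, and the query is narrowed to the `tablevariable` condition.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so the script runs offline;
// against MySQL only the DSN changes (new PDO('mysql:host=...;dbname=...', $user, $pass)).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE SOMETABLE (tablevariable INTEGER, anothertablevar TEXT)');
$pdo->exec("INSERT INTO SOMETABLE VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')"); // constructed rows

// Concatenated form, as in the post: the value becomes part of the SQL text.
function findConcatenated(PDO $pdo, string $somevar): array
{
    $sql = 'SELECT * FROM SOMETABLE WHERE tablevariable = ' . $somevar;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Parameterized form: validate the type, then bind the value separately from the SQL text.
function findPrepared(PDO $pdo, string $somevar): array
{
    $id = filter_var($somevar, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('tablevariable must be an integer');
    }
    $stmt = $pdo->prepare('SELECT * FROM SOMETABLE WHERE tablevariable = :somevar');
    $stmt->bindValue(':somevar', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one well-formed value and one that is not a plain integer.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("input %-10s concatenated: %d row(s), ", "'$input'", count(findConcatenated($pdo, $input)));
    try {
        printf("prepared: %d row(s)\n", count(findPrepared($pdo, $input)));
    } catch (InvalidArgumentException $e) {
        printf("prepared: rejected (%s)\n", $e->getMessage());
    }
}
```

With the second input the concatenated query matches every row because the text after the number is parsed as SQL, while the prepared version rejects the value before it reaches the database.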


© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.