On 11/05/11 11:59 PM, Brandon Phelps wrote:
> $local_db->do("SELECT insert_message(" . $local_db->quote($field1)
> . ", " . $local_db->quote($field2) . ", " . $local_db->quote($field3)
> . ", " . $local_db->quote($field4) . ")");
> }

btw, that's a rather poor way of passing arguments to SQL. you should
instead use a prepared statement with parameters for your passed arguments.

    $st = $local_db->prepare("SELECT insert_message(?, ?, ?, ?)")
        or die $local_db->errstr;
    $results = $st->execute($field1, $field2, $field3, $field4)
        or die $st->errstr;

cleaner, easier to read, far less likely to get nailed with SQL
Injection. PLUS we're catching errors.
--
john r pierce N 37, W 122
santa cruz ca mid-left coast
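
The placeholder approach from the reply above, extended to a batch of rows with rollback on failure. This is an added example, not code from the original thread. It assumes DBD::SQLite is installed, uses an in-memory database in place of the PostgreSQL server, and uses a hypothetical `messages` table with a plain INSERT in place of `insert_message()`; the sample rows are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is installed; an in-memory database stands in for
# the PostgreSQL server, and a plain INSERT stands in for insert_message().
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Hypothetical table, not from the original thread.
$dbh->do("CREATE TABLE messages (f1 TEXT, f2 TEXT, f3 TEXT, f4 TEXT)");

# Constructed sample rows; the second carries quotes and SQL metacharacters.
my @rows = (
    [ "host1", "daemon", "info", "service started" ],
    [ "host2", "auth",   "warn", "O'Brien'); DROP TABLE messages; --" ],
    [ "host3", "kern",   "err",  undef ],   # undef is bound as SQL NULL
);

# Prepare once, execute many times: values travel as bound parameters and
# are never spliced into the SQL text.
my $sth = $dbh->prepare(
    "INSERT INTO messages (f1, f2, f3, f4) VALUES (?, ?, ?, ?)");

# One transaction for the batch; RaiseError turns any failure into die(),
# so eval plus rollback replaces the per-call "or die" checks.
$dbh->begin_work;
eval {
    $sth->execute(@$_) for @rows;
    $dbh->commit;
    1;
} or do {
    my $err = $@ || "unknown error";
    $dbh->rollback;
    die "batch insert failed, rolled back: $err";
};

# The hostile-looking string was stored as data and the table still exists.
my ($count)  = $dbh->selectrow_array("SELECT COUNT(*) FROM messages");
my ($stored) = $dbh->selectrow_array(
    "SELECT f4 FROM messages WHERE f1 = ?", undef, "host2");
print "rows: $count\n";
print "stored: $stored\n";
print "round-trip ok\n" if $stored eq $rows[1][3];

$dbh->disconnect;
```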