Re: [PHP-DB] String Parsing/Escaping

2005-01-09 Thread Jochem Maas
hi Alexander, interesting question regarding 'safety' v. readability v. speed - I'm sure you'll get different views depending on who you ask. Here is my take: Alexander Mueller wrote: Hi, below are three versions of an SQL call along with escaping the passed value.

Re: [PHP-DB] String Parsing/Escaping

2005-01-09 Thread Alexander Mueller
Jochem Maas wrote: hi Alexander, interesting question regarding 'safety' v. readability v. speed - I'm sure you'll get different views depending on who you ask. Here is my take: Thank you Jochem! :) I rate speed as the least important issue - you can always use a faster machine, get some more

[PHP-DB] String Parsing/Escaping

2005-01-08 Thread Alexander Mueller
Hi, below are three versions of an SQL call along with escaping the passed value.

$value=mysql_escape_string($_POST['value']);
mysql_query('SELECT * FROM table WHERE field='.$value.'');

+ Fastest Code - Con: Bad Readability, Value needs to be escaped separately