Hi,
below are three versions of an SQL call along with escaping the passed
value.
> $value=mysql_escape_string($_POST['value']);
> mysql_query('SELECT * FROM table WHERE field="'.$value.'"');
+ Fastest Code
- Con: Bad Readability, Value needs to be escaped separately
> $value=mysql_escap
Jochem Maas wrote:
hi Alexander,
interesting question regarding 'safety' v. readability v. speed - I'm
sure you'll get different views depending on who you ask.
Here is my take:
Thank you Jochem! :)
I rate speed as the least important issue - you can alway use a faster
machine, get some more RAM
