From what I've experienced, you're correct.
Tyler Longren
Captain Jack Communications
[EMAIL PROTECTED]
www.captainjack.com
- Original Message -
From: chris allen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 03, 2002 2:00 PM
Subject: [PHP] Query from POST_VARS
ty tyler :)
saves a bunch of time.
w00t!!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
In my opinion, you should always single quote everything, including numerics. Why?
Say you have a:
$sql = Delete from table where id=$id;
where id is expected to be numeric.
What if the variable id ends up containing:
7 or id0
So the sql would end up as
$sql = Delete from table where id=7
You can also use this mySQL syntax:
INSERT INTO table SET
field1='$value1',
field2='$value2',
...etc
Sincerely,
Maxim Maletsky
Founder, Chief Developer
PHPBeginner.com (Where PHP Begins)
[EMAIL PROTECTED]
www.phpbeginner.com
-Original Message-
From: chris allen [mailto:[EMAIL
4 matches
Mail list logo