Re: mysql_real_escape_string() — PHP Programming Language

You are here: Re: mysql_real_escape_string() « PHP Programming Language « IT news, forums, messages

Posted by NC on 08/06/07 00:57

On Aug 5, 12:45 am, Toby A Inkster <usenet200...@tobyinkster.co.uk>
wrote:
> NC wrote:
> > $sql = 'INSERT INTO comments (comment, name, quotekey) ' .
> > "VALUES ('$comment', '$name', '$key')";
> > mysql_real_escape_string($sql);
>
> ?? You should not be escaping the entire SQL query like this!

Indeed. Forgot to delete the unnecessary line from the OP's code
after trying to explain why it should be deleted. :) Thanks for
pointing it out!

Cheers,
NC

Navigation:

Next in forum: Re: I need help with a general flash ".swf" question
Prev in forum: Re: I need help with a general flash ".swf" question
Thread view: Re: mysql_real_escape_string()

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация