Posted by J.O. Aho on 11/07/06 13:59
nawfer wrote:
> db mysql;
>
> If ID is an int or bigint field
>
> and the query has
> ....
> WHERE ID = '$var'
>
> and $var = 10;
>
> can I write '$var' or $var (no '')?
> Or is there no difference?
>
> Or, for security, is it better to use '$var' and not $var also for numeric
> fields?
In the database query you use the '' when you may have special characters like
white spaces (space, tab and so on); for integers/floats it's better to skip
those, as the value can be treated as a string in some cases, which can lead to
wrong results.

$var = 10;
$query = "SELECT * FROM table WHERE ID=$var"; // no quotes: ID is compared as a number
//Aho
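A note for readers of this thread: whether or not the quotes are present, interpolating `$var` straight into the SQL text is only safe while `$var` is a literal you control. The moment it comes from a request parameter, both `ID='$var'` and `ID=$var` are SQL injection sinks, and the unquoted form does not even need a quote character to break out. The example below is added here and is not code from the thread; it shows the two defensive measures that make the quoting question moot: validate that the input is a plain integer, then pass it to MySQL as a bound parameter rather than as part of the query string. It assumes a PDO connection and a table `items` with an INT column `ID`; the DSN and credentials are placeholders.

```php
<?php
// Added example, not from the original thread.
// Assumes: PDO with the mysql driver, a table `items` with an INT column `ID`.
declare(strict_types=1);

function fetchById(PDO $pdo, string $rawId): ?array
{
    // Validate first: accept only a plain decimal integer.
    // filter_var returns false (not 0) for "10abc" or "1 OR 1=1", so such input is refused.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }

    // Bind the value instead of writing "$var" into the SQL text. The server
    // receives the query and the integer separately, so no quoting can alter
    // the statement, and the column is still compared as a number.
    $stmt = $pdo->prepare('SELECT * FROM items WHERE ID = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage; host, database name and credentials are placeholders.
$pdo = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'CHANGE_ME', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepared statements
]);

var_dump(fetchById($pdo, $_GET['id'] ?? ''));
```

With `FILTER_VALIDATE_INT` in front and `PDO::PARAM_INT` on the bind, MySQL never sees the raw request value inside the query, so the "quotes or no quotes" choice from the original question no longer has any security consequence.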