On Fri, Aug 15, 2003 at 11:19:47AM +0200, Ard Biesheuvel wrote:
> 'SELECT ... WHERE id='. (int)$id

  Even shorter:

  'SELECT ... WHERE id='. $id+0

> 'SELECT ... WHERE name=" '.addslashes($name).' " '

  Wasn't addslashes() designed to escape shell commands and
mysql_escape_string() for MySQL queries?
  
-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/";> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/";> Misc. free software </a>  \/
