> >As a sidenote, your strings should be enclosed by single quotes, as per
> >SQL standard, not double quotes, those are reserved for delimited
> >identifiers.
> >
> Hmmm. I've sort-of carried that over from the way I do PHP. I tend to use
> single quotes for strings that have no variables in them, so I use
> double-quotes around strings within the strings:
>
> $query = 'UPDATE foo SET field = "always"'
>
> That way I don't have to escape things, which I think makes them harder to
> read. I'll take your comment under advisement.

Although that's true for string literals, you would still need to escape any
user input since MySQL doesn't properly support parameters (or does it in
5.1 or so?)

As I said, a complete side note :-)

Martijn Tonies
Database Workbench - tool for InterBase, Firebird, MySQL, NexusDB, Sybase
SQL Anywhere, Oracle & MS SQL Server
Upscene Productions
http://www.upscene.com
My thoughts:
http://blog.upscene.com/martijn/
Database development questions? Check the forum!
http://www.databasedevelopmentforum.com
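
Added example, not part of the original thread: it shows what the quoting distinction discussed above does in practice, and how user input containing a quote is handled by escaping versus a bound parameter. It uses Python's built-in sqlite3 instead of MySQL so that it runs offline; the table foo and column field come from the thread, while the extra column named always and the sample input are constructed for illustration.

```python
import sqlite3


def run_updates(user_input):
    """Return foo.field after each style of UPDATE (constructed demo)."""
    db = sqlite3.connect(":memory:")
    # Constructed schema: a second column that happens to be named "always".
    db.execute('CREATE TABLE foo (field TEXT, "always" TEXT)')
    db.execute("INSERT INTO foo VALUES ('initial', 'from-column')")
    results = {}

    def current():
        return db.execute("SELECT field FROM foo").fetchone()[0]

    # Double quotes name an identifier: this copies the *column* "always"
    # into field instead of storing the text 'always'.
    db.execute('UPDATE foo SET field = "always"')
    results["double_quoted"] = current()

    # Single quotes are the standard string literal.
    db.execute("UPDATE foo SET field = 'always'")
    results["single_quoted"] = current()

    # Standard SQL escaping: double every embedded single quote.
    # (MySQL by default also treats backslash as an escape character, so
    # there the driver's own escaping routine is needed, not this one-liner.)
    escaped = user_input.replace("'", "''")
    db.execute("UPDATE foo SET field = '" + escaped + "'")
    results["escaped"] = current()

    # Bound parameter: the value never becomes part of the SQL text.
    db.execute("UPDATE foo SET field = ?", (user_input,))
    results["bound"] = current()

    db.close()
    return results


if __name__ == "__main__":
    for style, value in run_updates("O'Brien").items():
        print(style, "->", value)
```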