Philip Olson wrote:

And quoting integers is not a problem, I even prefer it.  IMHO we should
tell people to quote all values so if someone "forgets" to do any sort of
input validation (i.e. make sure it's actually an integer) there won't be
a major problem; otherwise problems (including SQL injection) may arise.

I wouldn't recommend that you recommend that to everyone. Not all databases will allow you to enter a STRING into a numeric field. MySQL may be lenient on it, but that doesn't mean you should get in the habit of using it that way. Properly validate your data and none of this is an issue. :)


--

---John Holmes...

Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
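
The validation approach discussed in the thread, as an added example that is not part of the original messages: the input is checked to be an integer before it reaches the query, then bound as an integer parameter so the database never receives a string for a numeric column. The `users` table, the `parse_id()` and `find_user()` helpers, the sample inputs and the use of PDO with in-memory SQLite (standing in for MySQL so it runs offline) are all assumptions made for illustration.

```php
<?php
// Added example: table, helper names and inputs are constructed for illustration.

// Return $raw as an int if it is a plain positive integer, otherwise null.
function parse_id(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up a user by id. Input that is not an integer is rejected up front,
// so nothing depends on the database tolerating strings in numeric fields.
function find_user(PDO $db, string $raw): ?array
{
    $id = parse_id($raw);
    if ($id === null) {
        return null;
    }
    // The value is bound as an integer; it is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Constructed inputs: one valid id, then values that are not integers.
$inputs = ['2', '2abc', "2' OR '1'='1", '0x2', '-1', ''];
foreach ($inputs as $raw) {
    $row = find_user($db, $raw);
    printf("%-18s => %s\n", var_export($raw, true), $row ? $row['name'] : 'rejected');
}
```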


