On Wednesday 18 April 2001 22:03, you wrote:
> and do various searches etc. I was curious as to what most people find
> the best way to keep their mysql queries from getting messed up by user
> entered data. None of my searches or database data has or needs any
Simply using addslashes () or the magic_quotes_gpc setting will do fine
for strings.
For numbers just cast them to int before inserting 'em in the query:
$MyNum = (int) $MyNum;
$Query = "INSERT INTO foo (intval) VALUES ($MyNum)";
--
Christian Reiniger
LGDC Webmaster (http://sunsite.dk/lgdc/)
/* you are not expected to understand this */
- from the UNIX V6 kernel source
--
PHP General Mailing List (http://www.php.net/)
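
Added example, not part of the message above: the escape-and-cast approach it describes, run over constructed inputs so the resulting query text is visible, followed by the same inserts done with bound parameters, which goes beyond what the message covers. The table foo and column intval come from the message; the label column, the sample inputs, and the use of PDO with an in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made so the script runs offline.

```php
<?php
// Added example. foo(intval) is from the message; "label" is an assumed column.

// The approach from the message: escape strings, cast numbers.
function build_insert(string $label, $num): string
{
    $label = addslashes($label); // ' " \ and NUL each get a leading backslash
    $num   = (int) $num;         // cast keeps leading digits, otherwise yields 0
    return "INSERT INTO foo (intval, label) VALUES ($num, '$label')";
}

// Constructed sample inputs, as they might arrive from a form.
$samples = [
    ['plain',                   '42'],
    ["O'Reilly",                '7'],
    ["x'); DROP TABLE foo; --", '1 OR 1=1'],
    ['back\\slash',             'abc'],
];

// Print the query text to see what escaping and casting did to each input.
// Note the cast never fails: '1 OR 1=1' becomes 1 and 'abc' becomes 0.
foreach ($samples as [$label, $num]) {
    echo build_insert($label, $num), "\n";
}

// Same data with bound parameters: values never become part of the SQL text,
// so no escaping function is involved and the label is stored byte for byte.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE foo (intval INTEGER, label TEXT)');
$stmt = $db->prepare('INSERT INTO foo (intval, label) VALUES (:n, :l)');

foreach ($samples as [$label, $num]) {
    // Validate rather than cast, so bad numbers are rejected, not stored as 0 or 1.
    $n = filter_var($num, FILTER_VALIDATE_INT);
    if ($n === false) {
        echo "rejected non-integer input: $num\n";
        continue;
    }
    $stmt->execute([':n' => $n, ':l' => $label]);
}

foreach ($db->query('SELECT intval, label FROM foo') as $row) {
    echo $row['intval'], ' | ', $row['label'], "\n";
}
```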