On Sat, October 29, 2005 4:45 am, Bogdan Ribic wrote:
>> $value1 = 'xyz","xyz"); DELETE FROM MYTABLE;';
>>
>> you might get surprising results!
>>
>> This is called SQL injection and it's important to escape all the
>> values
>> before putting them into the statement.
>
>
> Did you try that? This d
On Tue, October 18, 2005 2:15 pm, Shaun wrote:
> Thanks for your replies, rather than check each vaule by name I am
> trying to
> produce a more dynamic solution:
>
> foreach ($_POST as $key => $value) {
> if ($value == '') {
> $_POST[$key] == 'NULL';
If you actually have == in this line, th
You're using two =='s for your assignment.
On Tue, 18 Oct 2005 15:15:59 -0400, "Shaun" <[EMAIL PROTECTED]>
wrote:
Hi all,
Thanks for your replies, rather than check each vaule by name I am
trying to
produce a more dynamic solution:
foreach ($_POST as $key => $value) {
if ($value == ''
Sorry everyone, I missed the "integer" requirement here. I apologize. And
yes, '' isn't a good integer value and will throw an error.
That's what I get for not reading thoroughly enough :)
-TG
= = = Original message = = =
On Tue, October 18, 2005 12:42 pm, [EMAIL PROTECTED] wrote:
> That sho
Hi all,
Thanks for your replies, rather than check each vaule by name I am trying to
produce a more dynamic solution:
foreach ($_POST as $key => $value) {
if ($value == '') {
$_POST[$key] == 'NULL';
}
}
I was expecting $_POST[$key] to be the same as $key, however this isnt the
case:
$
On Tue, October 18, 2005 12:42 pm, [EMAIL PROTECTED] wrote:
> That should work. You can set it so you can't have NULL, but dont
> know of anything that tells the database not to accept '' as a value
Any database, other than MySQL, is *NOT* going to accept '' as an
integer value.
Because '' is no
Good explanation but I think he wanted to avoid quoting the integers. I
may be wrong, but I think not quoting integers is a decent practice
because it makes it easier to port your SQL over to a different database
if you later decide you must do so. Of course he could just add a single
quote
What Ben said is correct, but I'd like to elaborate so you know why it's
correct.
The INSERT statement you're trying to end up with is:
INSERT INTO MYTABLE (column1, column2) VALUES ('somevalue1', 'somevalue2')
I'm not sure why it wouldn't work if you ended up with:
INSERT INTO MYTABLE (column
8 matches
Mail list logo
