TalkPHP - View Single Post

Village Idiot · 02-25-2008, 12:34 PM

I honestly find this to be overkill. And I know this is difference in our coding style, but I see it as unnecessarily long and harder to read then my method of doing it. the easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped).

SELECT * FROM `table` WHERE `value` = '$value'

This is what the mysql manual says to do.

02-25-2008, 12:34 PM	#23 (permalink)
Village Idiot Wizard Join Date: Sep 2007 Posts: 1,216 Thanks: 17	I honestly find this to be overkill. And I know this is difference in our coding style, but I see it as unnecessarily long and harder to read then my method of doing it. the easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped). SELECT * FROM `table` WHERE `value` = '$value' This is what the mysql manual says to do. __________________ The tool I likely used to answer your question. Last edited by Village Idiot : 02-25-2008 at 01:53 PM.