02-25-2008, 01:34 PM   #23
Village Idiot

I honestly find this to be overkill. And I know this is a difference in our coding style, but I see it as unnecessarily long and harder to read than my method of doing it. The easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped).

SELECT * FROM `table` WHERE `value` = '$value'

This is what the MySQL manual says to do.
Last edited by Village Idiot : 02-25-2008 at 02:53 PM.
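
An added example, not part of the post above: it runs the escape-and-quote pattern against an in-memory database to show what each half of the advice contributes. Assumptions: SQLite stands in for MySQL, the `escape()` helper (hypothetical) doubles single quotes as SQLite requires, and the `users` table and its rows are constructed for the demonstration.

```python
import sqlite3

def escape(value):
    # Stand-in for the database's own escaping routine (assumption):
    # SQLite escapes a single quote inside a literal by doubling it.
    return str(value).replace("'", "''")

def make_db():
    # Constructed sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "o'brien")])
    return db

def by_name_quoted_only(db, name):
    # Quoted but not escaped: a ' in the input closes the literal early.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return db.execute(sql).fetchall()

def by_name_escaped_quoted(db, name):
    # The pattern from the post: escape the value, then wrap it in quotes.
    sql = "SELECT name FROM users WHERE name = '%s'" % escape(name)
    return db.execute(sql).fetchall()

def by_id_escaped_unquoted(db, user_id):
    # Escaped but not quoted: input with no quote character at all
    # is still parsed as SQL, so escaping alone changes nothing.
    sql = "SELECT name FROM users WHERE id = %s" % escape(user_id)
    return db.execute(sql).fetchall()

def by_id_escaped_quoted(db, user_id):
    # Same numeric lookup with the value quoted: it stays a single literal.
    sql = "SELECT name FROM users WHERE id = '%s'" % escape(user_id)
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile_name = "x' OR '1'='1"   # constructed test input
    hostile_id = "1 OR 1=1"         # constructed test input
    print("quoted only      :", by_name_quoted_only(db, hostile_name))
    print("escaped + quoted :", by_name_escaped_quoted(db, hostile_name))
    print("legit o'brien    :", by_name_escaped_quoted(db, "o'brien"))
    print("escaped, no quote:", by_id_escaped_unquoted(db, hostile_id))
    print("id esc. + quoted :", by_id_escaped_quoted(db, hostile_id))
```
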