Securing your MySQL Queries with Sprintf
02-25-2008, 01:34 PM
Join Date: Sep 2007
I honestly find this to be overkill. And I know this is a difference in our coding style, but I see it as unnecessarily long and harder to read than my method of doing it. The easiest and fastest way to prevent this is to clean your queries and put your values in ''s. That way you cannot inject false values (' is escaped).
SELECT * FROM `table` WHERE `value` = '$value'
This is what the MySQL manual says to do.
Last edited by Village Idiot : 02-25-2008 at
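As an added example, not part of the post above: a Python reconstruction of the pattern the post describes (escape the value, then place it inside single quotes), together with a check that the value can never close the literal. The escaper follows the character set handled by MySQL's C API escaping function; the function names and the sample values are my own, and an ASCII-compatible connection charset is assumed.

```python
# Added example, not code from the original post. Rebuilds the post's pattern:
# clean the value, then put it in ''s. Assumes an ASCII-compatible charset.

# The characters MySQL's C API escapes inside a quoted literal.
_ESCAPES = {
    "\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
    "'": "\\'", '"': '\\"', "\x1a": "\\Z",
}


def mysql_escape(value: str) -> str:
    """Escape a string so it can sit inside a single-quoted MySQL literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_query(value: str) -> str:
    """The post's query: cleaned value wrapped in single quotes."""
    return "SELECT * FROM `table` WHERE `value` = '%s'" % mysql_escape(value)


def value_stays_quoted(query: str) -> bool:
    """Defensive check: True only if the query holds exactly one single-quoted
    literal and nothing but whitespace follows it, i.e. the interpolated value
    never broke out of its quotes. Honours backslash escapes inside the literal."""
    in_literal = False
    closed = 0
    i = 0
    while i < len(query):
        ch = query[i]
        if in_literal:
            if ch == "\\":
                i += 2              # escaped character stays inside the literal
                continue
            if ch == "'":
                in_literal = False
                closed += 1
        elif ch == "'":
            if closed:              # a second literal opened: value escaped the quotes
                return False
            in_literal = True
        elif closed and not ch.isspace():
            return False            # SQL text after the literal closed
        i += 1
    return closed == 1 and not in_literal


if __name__ == "__main__":
    # Constructed sample values: a quote, a trailing backslash, a newline.
    for sample in ["O'Reilly", "trailing\\", "two\nlines"]:
        q = build_query(sample)
        print(q, "->", "stays quoted" if value_stays_quoted(q) else "BROKE OUT")
```

The check holds only because the value sits between quotes: escaping on its own does nothing for a bare numeric placeholder, which is exactly why the post insists on the ''s.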