SQL Injection and mysql_real_escape_string
05-01-2008, 02:42 PM
Join Date: Sep 2007
Originally Posted by
Yes, wrapping the variables in single quotes will work fine, but you compare a number with a string, and it works on MySQL; it could fail on other SQL databases.
Then it's a good thing we aren't talking about other databases. That would be one of the multiple things you would have to change to work with Oracle, MSSQL, etc.
Posted by: Village Idiot