Tips: PHP security
09-13-2007, 03:04 PM
Join Date: Sep 2007
Originally Posted by
Are you sure about that Village Idiot? I'm fairly sure if the typecasting is unable to wither the string down to an integer, it will leave you with zero. In addition to Jordie's comment, which is spot on, you may also use sprintf as well. Like so:
"update ... where id=%d"
It returns zero rows because PHP doesn't look at whether it's an int or a varchar (etc.) that it is looking for, nor does SQL.
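An added example, not part of the original posts: it shows what the `(int)` cast and `sprintf("%d")` discussed above do to non-numeric input, next to strict validation with `filter_var` and a bound parameter. The `items` table, its `seen` column, the `markSeen` helper and the sample inputs are constructed for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Constructed sample values, standing in for something like $_GET['id'].
$inputs = ['42', 'abc', '12abc', '1 OR 1=1', ''];

foreach ($inputs as $raw) {
    // The cast and %d both coerce silently: non-numeric text becomes 0,
    // and a string with leading digits keeps only those digits.
    $cast  = (int) $raw;
    $query = sprintf('UPDATE items SET seen = 1 WHERE id = %d', $raw);

    // Strict validation returns false unless the whole string is an integer.
    $valid = filter_var($raw, FILTER_VALIDATE_INT);

    printf("%-12s cast=%-3d valid=%-6s %s\n",
        var_export($raw, true), $cast, var_export($valid, true), $query);
}

// In-memory database with a hypothetical table, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, seen INTEGER DEFAULT 0)');
$db->exec('INSERT INTO items (id) VALUES (1), (42)');

// Hypothetical helper: reject malformed ids, then bind the value as an integer
// instead of formatting it into the SQL text.
function markSeen(PDO $db, string $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 0; // malformed id: no query is sent at all
    }
    $stmt = $db->prepare('UPDATE items SET seen = 1 WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

foreach ($inputs as $raw) {
    printf("%-12s rows updated: %d\n", var_export($raw, true), markSeen($db, $raw));
}
```

With coercion alone, `'1 OR 1=1'` turns into `id = 1` and would update a real row, whereas the validated path treats it as malformed and updates nothing.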