12-08-2007, 06:45 PM
The Acquainted
Join Date: Nov 2007
Posts: 154
Thanks: 31
|
Quote:
Originally Posted by ReSpawN
Thus using the result just gave you, you can also make your query a lot more safe. ... First I should advise you NOT to use double quotes ("") but single quotes (''). Why? Since defining whatever in a query, it's wise to open an identifier with "'.$username.'". Thus the query will look like this:
PHP Code:
$rSql = mysql_query('SELECT username FROM respawn_users WHERE username = "'.$username.'"');
First it looks a lot better...
|
Can you explain how that makes the query 'more safe'? Or why it's wise to format the string that way?
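As an added example (not part of either post): the PHP quote style only changes how the string is written in source, so both forms build the same SQL text and a value containing a double quote alters the statement either way, while a bound parameter keeps the value out of the SQL text. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, the `rowsFor` helper is hypothetical, and the rows and the input value are constructed.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for MySQL.
// It relies on SQLite's default acceptance of double-quoted string literals,
// which matches MySQL's behaviour when ANSI_QUOTES is not set.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE respawn_users (username TEXT)');
$db->exec("INSERT INTO respawn_users VALUES ('alice'), ('bob')"); // constructed rows

// Constructed input containing the same quote character the query uses.
$username = 'nobody" OR "1"="1';

// Pattern from the quoted post: PHP single quotes, value concatenated in.
$concatSingle = 'SELECT username FROM respawn_users WHERE username = "'.$username.'"';
// The same statement written with PHP double quotes and interpolation.
$concatDouble = "SELECT username FROM respawn_users WHERE username = \"$username\"";

// Hypothetical helper: run a statement and return the matching usernames.
function rowsFor(PDO $db, string $sql, array $params = []): array
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The two PHP spellings yield byte-identical SQL.
echo 'identical SQL text: ', var_export($concatSingle === $concatDouble, true), "\n";

// Both concatenated forms let the input rewrite the WHERE clause.
echo 'single-quoted concat: ', implode(',', rowsFor($db, $concatSingle)), "\n";
echo 'double-quoted concat: ', implode(',', rowsFor($db, $concatDouble)), "\n";

// Bound parameter: the value is sent separately and compared as plain data.
$safe = 'SELECT username FROM respawn_users WHERE username = ?';
echo 'bound parameter:      ', implode(',', rowsFor($db, $safe, [$username])), "\n";
```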