Thread: A couple of security questions
Mar 23, 2003, 00:42 #1
A couple of security questions
I was just doing some reading through threads about security issues and PHP. There were a few things that I would like clarified.
"As a general rule, always escape any variable which will be used in a query, where the value of the variable was obtained from "outside" e.g. a form post or a cookie - you'll feel generally more relaxed if you do...." - Exactly how do you 'escape' a variable?
Another post mentioned that you should not use quotes around any variables that have numeric values in a query. Does this mean I should be writing
$number = 3;
$sql = "select * from ages where age = $number ";
// rather than
$sql = "select * from ages where age = '$number' ";
"cradled in the learning curve"
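An added example, not part of the original post: it puts the unquoted numeric form from the question beside integer validation, a bound parameter, and escaping of a string value. PDO with an in-memory SQLite database, the function names, the table contents and the input values are all assumptions made for the illustration; the thread names no database library.

```php
<?php
// Added example. Table contents and input values are constructed; PDO with an
// in-memory SQLite database is an assumption so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE ages (name TEXT, age INTEGER)");
$db->exec("INSERT INTO ages VALUES ('ann', 3), ('bob', 40), ('o''neil', 7)");

// First form from the question: unquoted and interpolated as-is. Nothing forces
// $number to be numeric, so whatever it contains becomes part of the SQL text.
function find_unquoted(PDO $db, $number): array {
    return $db->query("select * from ages where age = $number")->fetchAll();
}

// Unquoted is only safe after validation: accept a decimal integer, reject the rest.
function find_validated(PDO $db, $number): array {
    $n = filter_var($number, FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException('age must be an integer');
    }
    return $db->query("select * from ages where age = $n")->fetchAll();
}

// Bound parameter: the value is sent apart from the SQL text, so no escaping is needed.
function find_bound(PDO $db, $number): array {
    $stmt = $db->prepare("select * from ages where age = ?");
    $stmt->execute([$number]);
    return $stmt->fetchAll();
}

// "Escaping" a string value: PDO::quote() escapes it and adds the surrounding quotes.
function find_by_name(PDO $db, string $name): array {
    return $db->query("select * from ages where name = " . $db->quote($name))->fetchAll();
}

$fromForm = "3 OR 1=1"; // constructed value standing in for a form post
printf("unquoted, '3':        %d row(s)\n", count(find_unquoted($db, "3")));
printf("unquoted, form value: %d row(s)\n", count(find_unquoted($db, $fromForm)));
printf("bound, form value:    %d row(s)\n", count(find_bound($db, $fromForm)));
printf("escaped name o'neil:  %d row(s)\n", count(find_by_name($db, "o'neil")));
try {
    find_validated($db, $fromForm);
} catch (InvalidArgumentException $e) {
    printf("validated, form value: rejected (%s)\n", $e->getMessage());
}
```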