  1. #1
    aspen

    Quoting SQL Variables

    Alright, you know that you're supposed to always put quotes around your user supplied variables in SQL.

    Otherwise they could be tricky and make a variable that has SQL in it that would delete or muck up your database.

    Ya well, I need an article that tells me this. I'm writing up something and I need to be able to quote this information from an official type source, i.e. an article somewhere.

    So if anyone knows of an article talking about this I'd really appreciate it; I've looked high and low and cannot find one.
    Chris Beasley - I publish content and ecommerce sites.

  2. #2
    tubedogg
    You mean like this?

    SELECT title FROM essays WHERE name='$title' OR author='$author'

    I believe in the docs at mysql.com it explains that only one column type can be called without using single quotes - INT maybe? Anyway I'm sure you could probably find something in the files over there - www.mysql.com/doc/
    Kevin

  3. #3
    Anarchos
    If you're using magic_quotes_gpc you should be okay anyway.
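
The query from post #2 built two ways, as an added example that is not part of the thread: values pasted between single quotes with no escaping, and the same query with bound parameters. It uses Python's sqlite3 with an in-memory database in place of PHP and MySQL, and the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query in post #2.
ROWS = [
    ("On Quoting", "quoting", "alice"),
    ("Private Draft", "draft", "bob"),
    ("O'Reilly Notes", "o'reilly", "carol"),
]

def make_db():
    """Build an in-memory essays table holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE essays (title TEXT, name TEXT, author TEXT)")
    db.executemany("INSERT INTO essays VALUES (?, ?, ?)", ROWS)
    return db

def titles_interpolated(db, title, author):
    """Post #2's form: values pasted between single quotes, nothing escaped."""
    sql = f"SELECT title FROM essays WHERE name='{title}' OR author='{author}'"
    try:
        return sorted(row[0] for row in db.execute(sql))
    except sqlite3.OperationalError as exc:
        # A quote inside the value ended the string literal early.
        return f"SQL error: {exc}"

def titles_bound(db, title, author):
    """Same query with placeholders: the driver passes the values as data."""
    sql = "SELECT title FROM essays WHERE name=? OR author=?"
    return sorted(row[0] for row in db.execute(sql, (title, author)))

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("quoting", "nobody"),        # ordinary input: both forms agree
        ("o'reilly", "nobody"),       # legitimate value containing a quote
        ("nomatch", "x' OR '1'='1"),  # value that closes the quote early
    ]
    for title, author in cases:
        print(repr(title), repr(author))
        print("  interpolated:", titles_interpolated(db, title, author))
        print("  bound:       ", titles_bound(db, title, author))
```

With interpolation the second case fails as a syntax error and the third returns every row in the table; the bound form returns the matching row and an empty list respectively.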