[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    Re: [PHP] Select record by ID
From:       "Craige Leeder" <cleeder () gmail ! com>
Date:       2007-01-31 1:23:01
Message-ID: 269efc990701301723l3ad06d51u1027c89c727c47fa () mail ! gmail ! com
[Download RAW message or body]

> atleast this part: $user_id = mysql_real_escape_string((int)
> $_GET['user_id']);

I'm not sure who put this in there, but you don't need to use
mysql_real_escape_string() on that value if you're type casting it. If
you are forcing it to be an integer, there is nothing to escape.
Integers are perfectly fine to be put into a query as they are.

- Craige

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]