[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: Re: [PHP] Select record by ID
From: "Craige Leeder" <cleeder () gmail ! com>
Date: 2007-01-31 1:23:01
Message-ID: 269efc990701301723l3ad06d51u1027c89c727c47fa () mail ! gmail ! com
[Download RAW message or body]
> atleast this part: $user_id = mysql_real_escape_string((int)
> $_GET['user_id']);
I'm not sure who put this in there, but you don't need to use
mysql_real_escape_string() on that value if you're type casting it. If
you are forcing it to be an integer, there is nothing to escape.
Integers are perfectly fine to be put into a query as they are.
- Craige
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic