[prev in list] [next in list] [prev in thread] [next in thread]
List: php-general
Subject: Re: [PHP] Syntax for select statement
From: Jason Stechschulte <jpstech () unoh ! edu>
Date: 2001-04-30 19:44:33
[Download RAW message or body]
On Fri, Apr 27, 2001 at 11:56:08AM -0400, Don Pro wrote:
> $queryID = mysql_query("SELECT Country, Agent FROM Ports
> WHERE Portname = '$portname'");
>
> My question is, if the variable $portname has the ' character within in,
> will this cause an error in my select statement? If the answer is
> "Yes", can someone give me a more robust way of writing it using PHP?
Yes. You could try this
$queryID = mysql_query("SELECT Country, Agent FROM Ports
WHERE Portname='".addslashes($portname)."'");
--
Jason Stechschulte
jpstech@unoh.edu
--
Suppose you're working on an optimizer to render \X unnecessary (or
rather, redundant, which isn't the same thing in my book).
-- Larry Wall in <199710211624.JAA17833@wall.org>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-general-unsubscribe@lists.php.net
For additional commands, e-mail: php-general-help@lists.php.net
To contact the list administrators, e-mail: php-list-admin@lists.php.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic