Saturday, April 19, 2008

Escape MySQL Variables in the Same Sequence

When escaping a MySQL query, be sure to escape the variables in the correct order.

Example:

// Build the query with sprintf: each %s in the format string is filled by the
// escaped argument in the same position, so the argument list must follow the
// order of the columns in SET (var1, var3, var2).
$query = sprintf(
    "UPDATE table_name
     SET var1='%s', var3='%s', var2='%s'
     WHERE foo=bar",
    mysql_real_escape_string($var1, $db),  // first %s  -> var1
    mysql_real_escape_string($var3, $db),  // second %s -> var3
    mysql_real_escape_string($var2, $db)   // third %s  -> var2
);

sprintf substitutes its arguments into the %s placeholders positionally, so the mysql_real_escape_string calls must be listed in the same order as the columns appear in SET. If the order differs, every value is still escaped, but the values are written to the wrong columns.
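The following is an added example (not code from the original post) that wraps the sprintf pattern above in a small helper and adds the check a practitioner wants: it refuses to build the query when the number of values does not match the number of %s placeholders, so a count mistake is caught before the query is sent. The escaper is passed in as a callable; with a live connection you would pass a closure around mysql_real_escape_string($s, $db). Here a stand-in escaper (assumed, not MySQL's own code) applies the same character substitutions so the script runs offline. The sample values are constructed.

```php
<?php
// Added example, not from the original post. Builds the UPDATE from the post
// via sprintf and verifies that the escaped argument list lines up one-to-one
// with the %s placeholders.

function buildQuery(string $template, array $values, callable $escape): string
{
    // Count the %s placeholders and reject the call if the value list does
    // not match them; a mismatch would otherwise surface only as a broken
    // query or silently misplaced data.
    $placeholders = preg_match_all('/%s/', $template);
    if ($placeholders !== count($values)) {
        throw new InvalidArgumentException(sprintf(
            'template has %d placeholders but %d values were supplied',
            $placeholders,
            count($values)
        ));
    }
    // vsprintf fills the %s positionally, exactly like sprintf with the
    // arguments spread out, so $values must be ordered as the columns in SET.
    return vsprintf($template, array_map($escape, $values));
}

// Stand-in for mysql_real_escape_string() (assumption: mirrors the characters
// the MySQL C API escapes: backslash, both quotes, NUL, newline, CR, Ctrl-Z).
// With a real connection, pass instead:
//   fn(string $s): string => mysql_real_escape_string($s, $db)
function fakeEscape(string $s): string
{
    return str_replace(
        ["\\", "'", "\"", "\0", "\n", "\r", "\x1a"],
        ["\\\\", "\\'", "\\\"", "\\0", "\\n", "\\r", "\\Z"],
        $s
    );
}

$template = "UPDATE table_name SET var1='%s', var3='%s', var2='%s' WHERE foo=bar";

// Constructed sample input; $var1 contains a quote that must be escaped.
$var1 = "O'Brien";
$var2 = "second";
$var3 = "third";

// Correct: values listed in the same order as the SET clause (var1, var3, var2).
echo buildQuery($template, [$var1, $var3, $var2], 'fakeEscape'), PHP_EOL;

// Wrong order: still escaped, but var2 and var3 end up in each other's column.
echo buildQuery($template, [$var1, $var2, $var3], 'fakeEscape'), PHP_EOL;

// Count mismatch is rejected instead of producing a malformed query.
try {
    buildQuery($template, [$var1, $var3], 'fakeEscape');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Two points about the design. The helper only protects values that appear inside single quotes in the template; an unquoted comparison such as foo=bar is not covered by escaping, which is why the literal in the template is hard-coded rather than interpolated. The mysql_* extension this post relies on was removed in PHP 7; mysqli_real_escape_string($db, $s) is its counterpart (note the reversed argument order), and the same positional-ordering rule applies to it.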
