escaping vs stored procedure

Dale
Posted: Mon Sep 01, 2008 2:52 am    Post subject: Re: escaping vs stored procedure
"Michael Fesser" <netizen@gmx.de> wrote in message news:f31mb4ptoq8nk750hsrltbe7fonfq82pa9@4ax.com...

> .oO(Dale)
>
>> "Michael Fesser" <netizen@gmx.de> wrote in message news:qvrib4t8nij9lpe86v6mj9blvmnfnkvqdt@4ax.com...
>>
>>> .oO(Dale)
>>>
>>>> You can Google for a myriad, but since you just want an example to see...
>>>>
>>>> $id = mysql_real_escape_string($_REQUEST['id']);
>>>> $sql = " SELECT COUNT(*) userExists FROM users WHERE Id = " . $id . " ";
>>>
>>> WHERE Id = '$id'
>>>
>>> Problem solved, if you expect a string ID. If the ID is numeric, you want
>>> to use other functions instead, not mysql_real_escape_string().
>>
>> That's one step. I just don't see the function as helpful, really. Educated
>> programmers like yourself see solutions that don't pin one to a specific DB
>> implementation.
>
> I use PDO with my own wrapper class around it, but still use a lot of
> MySQL-specific features and SQL enhancements, simply because they are
> convenient and often make life a lot easier for me. I don't plan to run my
> scripts on another system; a recent LAMP is simply a requirement for my
> framework.

That's cool. That's just not the case with every employer I have.
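The thread above contrasts four ways of getting a user-supplied id into a query: escaping without quoting (Dale's snippet), escaping plus quoting (Michael's fix for string ids), casting for numeric ids, and a PDO prepared statement. The script below is an added example, not code from either poster, that runs all four against a throwaway in-memory database so the difference is visible. It assumes PHP with the pdo_sqlite extension; the `users` table, its `Id` column and the hostile input are constructed for the demonstration. With MySQL the same idea applies, since PDO::quote() is built on mysql_real_escape_string() there.

```php
<?php
// Added example: escaped-but-unquoted vs quoted vs cast vs bound parameter.
// Assumes the pdo_sqlite extension so it runs offline; schema is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (Id TEXT PRIMARY KEY)");
$db->exec("INSERT INTO users (Id) VALUES ('alice'), ('bob')");

// Constructed hostile input. It contains no quote or backslash, so an
// escaping function has nothing to change in it.
$hostile = "0 OR 1=1";

// 1. The pattern from the thread: escaped, but dropped into the SQL without
//    surrounding quotes. PDO::quote() escapes and wraps in quotes; stripping
//    the outer quotes leaves exactly what mysql_real_escape_string() would give.
$id  = substr($db->quote($hostile), 1, -1);
$sql = "SELECT COUNT(*) userExists FROM users WHERE Id = " . $id;
echo "unquoted: $sql => " . $db->query($sql)->fetchColumn() . "\n";

// 2. String id, escaped and quoted (WHERE Id = '$id' in the reply above).
//    The whole input is now one string literal, operators and all.
$sql = "SELECT COUNT(*) userExists FROM users WHERE Id = " . $db->quote($hostile);
echo "quoted:   $sql => " . $db->query($sql)->fetchColumn() . "\n";

// 3. Numeric id: escaping is the wrong tool, so force the type instead.
//    (int)"0 OR 1=1" is 0; nothing but digits can reach the query.
$sql = "SELECT COUNT(*) userExists FROM users WHERE Id = " . (int) $hostile;
echo "cast:     $sql => " . $db->query($sql)->fetchColumn() . "\n";

// 4. Prepared statement: the value is bound separately from the SQL text and
//    never needs escaping or quoting at all, which is the portable answer.
$stmt = $db->prepare("SELECT COUNT(*) userExists FROM users WHERE Id = ?");
$stmt->execute([$hostile]);
echo "prepared: WHERE Id = ? [" . $hostile . "] => " . $stmt->fetchColumn() . "\n";
```

Run it with `php escaping_demo.php`. Only the first query counts every row in the table, because `OR 1=1` became part of the WHERE clause; the quoted, cast and bound variants all compare against the literal text `0 OR 1=1` (or the integer 0) and find nothing. The cast in step 3 is the "other function" for numeric ids; `intval()` or `filter_var($x, FILTER_VALIDATE_INT)` do the same job with a rejection path.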