Solved

mysql_query question

Posted on 2007-03-27
2
165 Views
Last Modified: 2013-12-13
i'm trying to do this:
      $query = "SELECT * FROM $tbl_name WHERE Date = '$this_date'";
which outputs this:
    SELECT * FROM tblMyTable WHERE Date = '2007-03-27'


and of course that works fine...

 however when i do this:
     $query = "SELECT * FROM  %s Where Date = %s";
     $query = mysql_real_escape_string(sprintf($query, $tbl_name, $this_date));

it outputs this:
    SELECT * FROM tblMyTable WHERE Date = \'2007-03-27\'

and that doesn't work


i thought that was the safe way to handle queries.

is that not ok because...... when i call mysql_query it will escape the quotes again?
so if i want to be careful, i should use mysql_real_escape_string directly on the variables i'm worried about and do NOT escape the query string.

thanks VERY MUCH for your help




      
0
Comment
Question by:tjazzvibe
2 Comments
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 18803781
you should use mysql_real_escape_string on each field and not on the entire query

$query = "SELECT * FROM  %s Where Date = %s";
     $query = sprintf($query,
     mysql_real_escape_string($tbl_name),
     mysql_real_escape_string( $this_date));
0
 

Author Comment

by:tjazzvibe
ID: 18803796
of course. duh. thanks so much
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
This article discusses four methods for overlaying images in a container on a web page
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question