Solved

mysql_query question

Posted on 2007-03-27
Last Modified: 2013-12-13
I'm trying to do this:
      $query = "SELECT * FROM $tbl_name WHERE Date = '$this_date'";
which outputs this:
    SELECT * FROM tblMyTable WHERE Date = '2007-03-27'


and of course that works fine...

However, when I do this:
     $query = "SELECT * FROM  %s Where Date = %s";
     $query = mysql_real_escape_string(sprintf($query, $tbl_name, $this_date));

it outputs this:
    SELECT * FROM tblMyTable WHERE Date = \'2007-03-27\'

and that doesn't work


I thought that was the safe way to handle queries.

Is that not OK because... when I call mysql_query it will escape the quotes again?
So if I want to be careful, I should use mysql_real_escape_string directly on the variables I'm worried about and do NOT escape the query string.

Thanks VERY MUCH for your help.
Question by:tjazzvibe
Accepted Solution

by:
steelseth12 earned 2000 total points
ID: 18803781
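You should use mysql_real_escape_string on each field and not on the entire query:

     // Escape each value, then substitute it into the query. The date keeps its
     // quotes: escaping only protects a value placed inside a quoted string literal.
     $query = "SELECT * FROM %s WHERE Date = '%s'";
     $query = sprintf($query,
         mysql_real_escape_string($tbl_name),
         mysql_real_escape_string($this_date));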
0
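The accepted answer's per-value approach taken one step further, as an added example that is not part of the original thread: the date is passed as a bound parameter, and the table name, which cannot be bound or safely escaped as a value, is checked against an allowlist. It assumes PDO with an in-memory SQLite database so it runs offline; `ALLOWED_TABLES`, `rows_for_date` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. PDO with in-memory SQLite is an
// assumption made so the script runs offline; for MySQL only the DSN changes.

// Hypothetical allowlist: identifiers cannot be bound or escaped like values.
const ALLOWED_TABLES = ['tblMyTable'];

function rows_for_date(PDO $db, string $tbl_name, string $this_date): array
{
    if (!in_array($tbl_name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $tbl_name");
    }
    // Only the allowlisted identifier is interpolated; the date is bound,
    // so it never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT * FROM $tbl_name WHERE Date = ?");
    $stmt->execute([$this_date]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec("CREATE TABLE tblMyTable (Date TEXT, Note TEXT)");
$db->exec("INSERT INTO tblMyTable VALUES ('2007-03-27', 'first'), ('2007-03-28', 'second')");

// Normal lookup with the values from the question.
var_dump(count(rows_for_date($db, 'tblMyTable', '2007-03-27')));

// Constructed hostile value: it is compared as one literal string.
var_dump(count(rows_for_date($db, 'tblMyTable', "2007-03-27' OR '1'='1")));

// A table name outside the allowlist is rejected before any SQL is built.
try {
    rows_for_date($db, 'tblMyTable; DROP TABLE tblMyTable', '2007-03-27');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```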
 

Author Comment

by:tjazzvibe
ID: 18803796
Of course. Duh. Thanks so much.
0

Question has a verified solution.