Solved

mysql_query question

Posted on 2007-03-27
Last Modified: 2013-12-13
I'm trying to do this:
    $query = "SELECT * FROM $tbl_name WHERE Date = '$this_date'";
which outputs this:
    SELECT * FROM tblMyTable WHERE Date = '2007-03-27'

and of course that works fine...

However, when I do this:
    $query = "SELECT * FROM %s WHERE Date = '%s'";
    $query = mysql_real_escape_string(sprintf($query, $tbl_name, $this_date));

it outputs this:
    SELECT * FROM tblMyTable WHERE Date = \'2007-03-27\'

and that doesn't work.

I thought that was the safe way to handle queries.

Is that not OK because... when I call mysql_query it will escape the quotes again?
So if I want to be careful, I should use mysql_real_escape_string directly on the variables I'm worried about and do NOT escape the query string.

Thanks VERY MUCH for your help




      
Question by:tjazzvibe
2 Comments
 

Accepted Solution

by:
steelseth12 earned 2000 total points
ID: 18803781
You should use mysql_real_escape_string on each field and not on the entire query.

    // The value placeholder is quoted: escaping only protects data that sits inside a quoted SQL string.
    $query = "SELECT * FROM %s WHERE Date = '%s'";
    $query = sprintf($query,
        mysql_real_escape_string($tbl_name),
        mysql_real_escape_string($this_date));
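
The same query written with a bound parameter and an allow-listed table name, as an added example that is not part of the original thread (the mysql_* functions were removed in PHP 7). Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the sample rows are constructed, and rowsForDate and ALLOWED_TABLES are hypothetical names.

```php
<?php
// SQLite in memory stands in for MySQL here (assumption); with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data, using the table and column names from the question.
$pdo->exec("CREATE TABLE tblMyTable (id INTEGER PRIMARY KEY, Date TEXT, note TEXT)");
$pdo->exec("INSERT INTO tblMyTable (Date, note) VALUES ('2007-03-27', 'a'), ('2007-03-26', 'b')");

// Hypothetical allow-list. A table name is an identifier, not a string value:
// it cannot be bound as a parameter and string escaping does not make it safe,
// so it is only accepted when it matches a known name exactly.
const ALLOWED_TABLES = ['tblMyTable'];

function rowsForDate(PDO $pdo, string $tblName, string $thisDate): array
{
    if (!in_array($tblName, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unknown table: $tblName");
    }
    // The date travels separately from the SQL text: no quotes around the
    // placeholder, no escaping call, and nothing to escape twice.
    $stmt = $pdo->prepare("SELECT * FROM $tblName WHERE Date = :d");
    $stmt->execute([':d' => $thisDate]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Normal lookup.
echo count(rowsForDate($pdo, 'tblMyTable', '2007-03-27')), " row(s)\n";

// A value containing a quote is compared as plain data and matches nothing.
echo count(rowsForDate($pdo, 'tblMyTable', "2007-03-27'")), " row(s)\n";

// A table name outside the allow-list is rejected before any SQL is built.
try {
    rowsForDate($pdo, 'tblOther', '2007-03-27');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```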
 

Author Comment

by:tjazzvibe
ID: 18803796
Of course. Duh. Thanks so much.