Solved

mysql_query question

Posted on 2007-03-27
163 Views
Last Modified: 2013-12-13
I'm trying to do this:
    $query = "SELECT * FROM $tbl_name WHERE Date = '$this_date'";
which outputs this:
    SELECT * FROM tblMyTable WHERE Date = '2007-03-27'

and of course that works fine...

However, when I do this:
    $query = "SELECT * FROM  %s Where Date = %s";
    $query = mysql_real_escape_string(sprintf($query, $tbl_name, $this_date));

it outputs this:
    SELECT * FROM tblMyTable WHERE Date = \'2007-03-27\'

and that doesn't work.

I thought that was the safe way to handle queries.

Is that not OK because... when I call mysql_query it will escape the quotes again?
So if I want to be careful, I should use mysql_real_escape_string directly on the variables I'm worried about and NOT escape the query string.

Thanks VERY MUCH for your help
Question by:tjazzvibe
2 Comments
 
LVL 20

Accepted Solution

by:
steelseth12 earned 500 total points
ID: 18803781
You should use mysql_real_escape_string on each field and not on the entire query:

    $query = "SELECT * FROM  %s Where Date = %s";
    $query = sprintf($query,
        mysql_real_escape_string($tbl_name),
        mysql_real_escape_string($this_date));
0
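As an added example (not code from this thread), here is the accepted answer's advice written against the mysqli extension, since the mysql_* functions were removed in PHP 7; the connection $db, the ALLOWED_TABLES list and the placeholder credentials are assumptions.

```php
<?php
// Added example, not from the original thread. Assumes a live mysqli
// connection; mysqli::real_escape_string() stands in for the removed
// mysql_real_escape_string().

// A table name is an identifier, not a string value: string escaping does
// nothing useful for it, so resolve it against a fixed allow-list instead.
const ALLOWED_TABLES = ['tblMyTable', 'tblArchive']; // assumed list

function buildDateQuery(mysqli $db, string $tbl_name, string $this_date): string
{
    if (!in_array($tbl_name, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("unknown table: $tbl_name");
    }
    // Escape the VALUE only, then add the quotes in the SQL text.
    // Escaping the finished query would also escape the quotes added here,
    // which is exactly what produced \'2007-03-27\' in the question.
    $safe_date = $db->real_escape_string($this_date);
    return sprintf("SELECT * FROM %s WHERE Date = '%s'", $tbl_name, $safe_date);
}

// Contrast: escaping the whole assembled string (the approach that failed).
function buildDateQueryWrong(mysqli $db, string $tbl_name, string $this_date): string
{
    $query = sprintf("SELECT * FROM %s WHERE Date = '%s'", $tbl_name, $this_date);
    return $db->real_escape_string($query); // turns ' into \' -> syntax error
}

$db = new mysqli('localhost', 'user', 'pass', 'dbname'); // placeholder credentials
$db->set_charset('utf8mb4'); // escaping is charset-aware; set it before escaping

echo buildDateQuery($db, 'tblMyTable', '2007-03-27'), "\n";
// A value containing a quote is escaped inside the quoted literal rather
// than breaking out of it:
echo buildDateQuery($db, 'tblMyTable', "2007-03-27'x"), "\n";
echo buildDateQueryWrong($db, 'tblMyTable', '2007-03-27'), "\n";

// Prepared statements remove the manual escaping step for values entirely;
// the table name still has to come from the allow-list.
$stmt = $db->prepare('SELECT * FROM tblMyTable WHERE Date = ?');
$stmt->bind_param('s', $this_date);
$this_date = '2007-03-27';
$stmt->execute();
```

The allow-list check matters because real_escape_string only protects quoted string literals; it cannot make an arbitrary identifier safe.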
 

Author Comment

by:tjazzvibe
ID: 18803796
Of course. Duh. Thanks so much.
0
