
[RESOLVED] mysql_real_escape_string question

When using this, do you have to use sprintf? I.e.:

[code=php]
sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', %d)",
mysql_real_escape_string($product_name, $link),
mysql_real_escape_string($product_description, $link),
$_POST['user_id']);
[/code]

or is it also safe to do this:

[code=php]
$sql = "INSERT INTO products (`name`, `description`, `user_id`) VALUES ('".mysql_real_escape_string($product_name, $link)."', '".mysql_real_escape_string($prodcut_description, $link)."', ".$_POST['user_id'].");";
[/code]

I would assume both would be appropriate... but I have been proven wrong before ^_^

thanks
Kyle


3 Comment(s)

@NogDog Aug 06.2008 — You could use either; just use whichever one you find easier to read and maintain. Or move up to the MySQL[b]i[/b] extension and use prepared statements and bound variables, which can remove the need to call a separate escape function.
@Kyleva2204 (author) Aug 06.2008 — Thanks
@MrCoder Aug 07.2008 — $_POST['user_id'] should be typecast as an integer.

You also had a typo in "prodcut", and there is no need for the $link unless you are using more than one database connection simultaneously.

[code=php]
$sql = "INSERT INTO products (
name,
description,
user_id
) VALUES (
'".mysql_real_escape_string($product_name)."',
'".mysql_real_escape_string($product_description)."',
'".(int)$_POST['user_id']."'
)";
[/code]
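The two safe variants discussed in this thread, written out as an added example (this is not code from the original post or from either commenter). It assumes a local mysqli connection and a `products` table with `name`, `description` and `user_id` columns; both are placeholders. It uses the mysqli extension NogDog recommends rather than the old `mysql_*` functions, which were deprecated in PHP 5.5 and removed in PHP 7. The first function is the escaped-string approach from the thread with MrCoder's integer cast; the second is the prepared-statement approach, where the values never become part of the SQL text so no escaping is needed. Escaping only protects a value that sits inside quotes, which is why the unquoted `%d` placeholder has to be paired with a cast rather than an escape call.

```php
<?php
// Added example (not the original poster's code). Assumed connection
// parameters and schema: host, user, password, database and the
// `products` table are all placeholders.
$db = new mysqli('localhost', 'appuser', 'secret', 'shop');
if ($db->connect_error) {
    die('Connection failed: ' . $db->connect_error);
}
// The escaper is charset-aware, so the connection charset must be set
// explicitly rather than left to whatever the server defaults to.
$db->set_charset('utf8mb4');

// Option 1: build the SQL string with the connection-aware escaper for
// the quoted string values and an integer cast for the unquoted number.
function insert_product_escaped(mysqli $db, string $name, string $description, $user_id): bool
{
    $sql = sprintf(
        "INSERT INTO products (name, description, user_id) VALUES ('%s', '%s', %d)",
        $db->real_escape_string($name),
        $db->real_escape_string($description),
        (int) $user_id   // %d is unquoted, so escaping would not help here
    );
    return $db->query($sql) === true;
}

// Option 2: a prepared statement with bound parameters. The SQL text is
// fixed; the values travel separately, so quoting and escaping are moot.
function insert_product_prepared(mysqli $db, string $name, string $description, $user_id): bool
{
    $stmt = $db->prepare(
        "INSERT INTO products (name, description, user_id) VALUES (?, ?, ?)"
    );
    if ($stmt === false) {
        return false;
    }
    $user_id = (int) $user_id;  // bind_param takes variables by reference
    $stmt->bind_param('ssi', $name, $description, $user_id); // s = string, i = integer
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample input containing the characters that break a naively
// concatenated query: single quotes, a double quote and a semicolon.
$name        = "O'Reilly's widget";
$description = "10\" wide; comes with a 'manual'";
$user_id     = $_POST['user_id'] ?? 0;

insert_product_escaped($db, $name, $description, $user_id);
insert_product_prepared($db, $name, $description, $user_id);
```

Both functions insert the same row for the sample input. If the code base still has many `mysql_real_escape_string` call sites, the first function is the drop-in shape; for new code the prepared statement is the one to reach for, since there is no escape call to forget and no quoting rule to get wrong.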