
Quick SQL Injection question.....

My book says prevent it like this:

$clean = array();
$mysql = array();

$clean['last_name']="o'reilly";
$mysql['last_name']=mysql_real_escape_string($clean['last_name']);
why are we using an array ( $mysql['last_name'] ) instead of just a
variable: $val?
I just wanna understand. Thanks.

Jun 20 '06 #1
2 Replies



toddism wrote:
$clean = array();
$mysql = array();

$clean['last_name']="o'reilly";
$mysql['last_name']=mysql_real_escape_string($clean['last_name']);
why are we using an array ( $mysql['last_name'] ) instead of just a
variable: $val?


It will work with just a variable. An array is probably used because
you want to insert more than only the last name:

$clean = array("last_name" => "o'reilly", "first_name" => "Bill", "And"
=> "so on");
$mysql = array();
foreach ($clean as $key => $value) {
    // Escape each filtered value for use inside a quoted SQL string.
    $mysql[$key] = mysql_real_escape_string($value);
}

Jun 20 '06 #2
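
Added example, not part of the thread or of the book it quotes: the same two-stage idea (validated values collected in `$clean`, then handed to the database) using PDO bound parameters in place of `mysql_real_escape_string()`, which belongs to the ext/mysql extension that was removed in PHP 7.0. The in-memory SQLite database (needs the pdo_sqlite driver), the `users` table, the extra `role` field and the name-validation pattern are assumptions made for illustration.

```php
<?php
// Added example: table name, field list and validation pattern are hypothetical.
// An in-memory SQLite database is used so the script runs without a MySQL server.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (first_name TEXT, last_name TEXT)');

// Constructed sample input standing in for $_POST.
$input = array(
    'first_name' => 'Bill',
    'last_name'  => "o'reilly",
    'role'       => 'admin',   // unexpected field: must never reach the query
);

// Step 1: filter. Only values that pass validation are copied into $clean,
// so anything read from $clean later is known to have been checked.
$clean = array();
foreach (array('first_name', 'last_name') as $field) {
    if (isset($input[$field])
        && preg_match("/^[A-Za-z' -]{1,50}\$/", $input[$field])) {
        $clean[$field] = $input[$field];
    }
}
if (count($clean) !== 2) {
    exit("invalid input\n");
}

// Step 2: hand the values to the database as bound parameters instead of
// escaping them into the SQL text. Column names come from the fixed list
// above, never from the request.
$stmt = $pdo->prepare(
    'INSERT INTO users (first_name, last_name) VALUES (:first_name, :last_name)'
);
$stmt->execute($clean);   // array keys map onto the named placeholders

// The apostrophe is stored as data and did not change the statement.
$row = $pdo->query('SELECT first_name, last_name FROM users')
           ->fetch(PDO::FETCH_ASSOC);
print_r($row);
```

Keeping the filtered values in one array is what lets `execute()` take them in a single call, and it keeps unvalidated fields such as `role` out of the statement by construction.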

Thank you much. I assumed it was OK but wasn't sure if there was
something subtle.

Sjoerd wrote:
toddism wrote:
$clean = array();
$mysql = array();

$clean['last_name']="o'reilly";
$mysql['last_name']=mysql_real_escape_string($clean['last_name']);
why are we using an array ( $mysql['last_name'] ) instead of just a
variable: $val?


It will work with just a variable. An array is probably used because
you want to insert more than only the last name:

$clean = array("last_name" => "o'reilly", "first_name" => "Bill", "And"
=> "so on");
$mysql = array();
foreach ($clean as $key => $value) {
    // Escape each filtered value for use inside a quoted SQL string.
    $mysql[$key] = mysql_real_escape_string($value);
}


Jun 20 '06 #3
