Posted: Wed Apr 18, 2007 12:11 pm
by John Cartwright
$var wrote: wow, I learned a bunch from this. escaping being crucial.
You've only seen one facet to why you should escape. Google "SQL injection".

Posted: Wed Apr 18, 2007 12:19 pm
by guitarlvr
Should you escape inputs that are only going into a select statement and never into an insert?

Wayne

EDIT: never mind, stupid question

Posted: Wed Apr 18, 2007 12:21 pm
by RobertGonzalez
Also make sure to learn proper query syntax. Much of the struggle you were having in the last few posts was wrapped around the fact that you were trying to insert a string without wrapping it in quotes.
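
The points raised in this thread (quote string values, escape them, and do so for SELECT as well as INSERT), shown as an added example that is not from any of the posters. It uses Python's built-in sqlite3 with an in-memory database as a stand-in, since the thread's own code and database are not shown on this page; the table, column and sample values are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("Wayne",), ("O'Brien",), ("Robert",)])
    return db

def select_unquoted(db, name):
    # String pasted in without quotes: the parser reads it as a column name.
    return db.execute("SELECT id FROM users WHERE name = " + name).fetchall()

def select_quoted_unescaped(db, name):
    # Quoted, but a quote character inside the value still ends the literal.
    sql = "SELECT id FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def select_bound(db, name):
    # Placeholder: the value travels separately from the SQL text,
    # so it can never change the structure of the statement.
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def outcome(fn, db, name):
    # Return the rows, or the error class if the statement was rejected.
    try:
        return fn(db, name)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a plain name, a name with an apostrophe,
    # and a value that rewrites the WHERE clause of a SELECT.
    for value in ["Wayne", "O'Brien", "x' OR 'a'='a"]:
        for fn in (select_unquoted, select_quoted_unescaped, select_bound):
            print(f"{fn.__name__:26} {value!r:18} -> {outcome(fn, db, value)}")
```

Only the bound version returns the right rows for all three inputs; the quoted-but-unescaped SELECT returns every row for the last one, which is why read-only queries need the same treatment as inserts.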