I found phpMyAdmin uses
select '*' from 'mytable' where
instead of using select * from without quotes. Is there a difference?
Sometimes I can block my SQL script by using this.
Normal:
$query='something';
$sql="select * from mytable where field1=$query";
After customizing:
$query='drop database';
$sql='select * from mytable where field1='.'drop database';
Is there any way to check for a valid query or SQL statement? I heard they use addslashes.
Differences of SQL statement
- Pakcik_Kantin
- Forum Newbie
- Posts: 19
- Joined: Mon Jan 13, 2003 8:23 pm
- Location: Kuala Lumpur
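
An added example, not part of the original post: the string-concatenation pattern from the question next to a bound-parameter version, run against a constructed in-memory SQLite table. The function names `find_concat` and `find_prepared`, the sample rows and the sample inputs are assumptions made for the illustration; only `mytable` and `field1` come from the post.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for the post's mytable.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE mytable (id INTEGER PRIMARY KEY, field1 TEXT)");
$pdo->exec("INSERT INTO mytable (field1) VALUES ('alpha'), ('beta'), ('gamma')");

// Pattern from the post: the input becomes part of the SQL text itself,
// so any quote character in it changes how the statement is parsed.
function find_concat(PDO $pdo, string $query): array
{
    $sql = "SELECT id, field1 FROM mytable WHERE field1 = '" . $query . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed and the input is sent as a value.
// No escaping function such as addslashes is involved.
function find_prepared(PDO $pdo, string $query): array
{
    $stmt = $pdo->prepare('SELECT id, field1 FROM mytable WHERE field1 = :value');
    $stmt->execute([':value' => $query]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary value, a value that rewrites the WHERE
// clause when concatenated, and a legitimate value containing an apostrophe.
$inputs = ['beta', "x' OR '1'='1", "O'Brien"];

foreach ($inputs as $input) {
    try {
        $concat = count(find_concat($pdo, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The concatenated statement no longer parses as valid SQL.
        $concat = 'SQL error';
    }
    $prepared = count(find_prepared($pdo, $input)) . ' row(s)';
    printf("%-16s concat: %-10s prepared: %s\n", $input, $concat, $prepared);
}
```

With the bound parameter every input is compared to `field1` as a plain string, so the second input matches nothing and the third causes no syntax error.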