Differences of SQL statement
Posted: Tue Jan 14, 2003 7:55 am
I found phpMyAdmin uses
select '*' from 'mytable' where instead of using select * from without a quote. Is there a difference?
Sometimes I can block my sql script by using this.
normal
$query='something';
$sql="select * from mytable where field1=$query";
After customize
$query='drop database';
$sql='select * from mytable where field1='.'drop database';
Is there any way to check a valid query or a SQL statement? I heard they use addslashes.
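
The question above, as an added example that is not part of the original post: instead of checking whether the assembled string is a valid statement, keep the SQL text fixed and pass the value separately through a prepared statement. It assumes PHP with PDO and the pdo_sqlite driver; the in-memory database, the sample rows and the function names are constructed for illustration, while `mytable` and `field1` come from the post.

```php
<?php
// Added example: table and column names follow the post, sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mytable (id INTEGER PRIMARY KEY, field1 TEXT)');
$pdo->exec("INSERT INTO mytable (field1) VALUES ('something'), ('other')");

// Prepared statement: the SQL text never changes, the value is bound as data.
function findByField1(PDO $pdo, string $value): array
{
    $stmt = $pdo->prepare('SELECT id, field1 FROM mytable WHERE field1 = :value');
    $stmt->execute([':value' => $value]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The pattern from the post, kept for comparison: the value is pasted into the
// SQL text, so the database parses it as part of the statement.
function findByField1Concatenated(PDO $pdo, string $value): array
{
    $sql = 'SELECT id, field1 FROM mytable WHERE field1=' . $value;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Both inputs are the ones used in the post.
foreach (['something', 'drop database'] as $input) {
    $rows = findByField1($pdo, $input);
    printf("prepared     %-16s -> %d row(s)\n", "'$input'", count($rows));

    try {
        $rows = findByField1Concatenated($pdo, $input);
        printf("concatenated %-16s -> %d row(s)\n", "'$input'", count($rows));
    } catch (PDOException $e) {
        // The pasted value was read as SQL (an identifier or keywords), not as a string.
        printf("concatenated %-16s -> parsed as SQL: %s\n", "'$input'", $e->getMessage());
    }
}
```

addslashes() only escapes quote and backslash characters inside a quoted string literal, so it does nothing for an unquoted value like the one in the post; bound parameters avoid the problem regardless of quoting.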