php_guest 0 Posted June 23, 2010 Share Posted June 23, 2010 What are the correct ways to make mysql queries? a) 1. mysql_query("UPDATE inbox SET `city` = '1'... 2. mysql_query("UPDATE inbox SET `city` = 1... 3. mysql_query("UPDATE inbox SET `city` = $_POST[city]... 4. $city=$_POST[city]; mysql_query("UPDATE inbox SET `city` = $city 5. mysql_query("UPDATE inbox SET `city` = ".$_POST[city]."... and b) the same examples but if data is varchar and not numeric. I hope there is any body who can take a look to those queries. I would really like to finall clerify what is correct way. Thank you! Link to post Share on other sites
fenway 21 Posted June 24, 2010 Share Posted June 24, 2010 1 & 2 have to do with sql injection -- it's a good idea to quote literals regardless. 3/4/5 are php variable iterpolation issues. Link to post Share on other sites
Recommended Posts
Archived
This topic is now archived and is closed to further replies.