Quick Sql Injection question.....

  • toddism

    Quick Sql Injection question.....

    My book says prevent it like this:

    $clean = array();
    $mysql = array();

    $clean['last_name']="o'reilly";
    $mysql['last_name']=mysql_real_escape_string($clean['last_name']);


    why are we using an array ( $mysql['last_name'] ) instead of just a
    variable: $val?


    I just wanna understand. Thanks.

  • Sjoerd

    #2
    Re: Quick Sql Injection question.....


    toddism wrote:
    > $clean = array();
    > $mysql = array();
    >
    > $clean['last_name']="o'reilly";
    > $mysql['last_name']=mysql_real_escape_string($clean['last_name']);
    >
    >
    > why are we using an array ( $mysql['last_name'] ) instead of just a
    > variable: $val?

    It will work with just a variable. An array is probably used because
    you want to insert more than only the last name:

    $clean = array("last_name" => "o'reilly", "first_name" => "Bill", "And"
    => "so on");
    $mysql = array();
    foreach ($clean as $key => $value) {
        $mysql[$key] = mysql_real_escape_string($value);
    }

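    A worked version of the loop in the answer above, added here and not code from either poster: the same $clean array, but each key becomes a named placeholder in a PDO prepared statement instead of an escaped string in $mysql, so the values never touch the SQL text. It assumes PDO with an in-memory SQLite database so it runs offline (change the DSN for MySQL), and that the array keys are column names fixed by the application, never taken from user input.

```php
<?php
// Added example, not from the thread: the $clean array from the answer
// above, inserted through a parameterized query instead of per-value escaping.
// Assumes the pdo_sqlite extension; an in-memory database keeps it offline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE people (last_name TEXT, first_name TEXT, note TEXT)');

// $clean holds already-validated input, as in the thread. The KEYS are chosen
// by the application (they are column names); only the VALUES come from users.
$clean = array(
    'last_name'  => "o'reilly",   // the apostrophe that breaks a naive query
    'first_name' => 'Bill',
    'note'       => 'and so on',
);

// Each key becomes a :name placeholder; the driver sends the values separately
// from the statement text, so no escaping step is needed at all.
$columns      = array_keys($clean);
$placeholders = array();
$params       = array();
foreach ($clean as $key => $value) {
    $placeholders[]       = ':' . $key;
    $params[':' . $key]   = $value;
}

$sql = sprintf(
    'INSERT INTO people (%s) VALUES (%s)',
    implode(', ', $columns),
    implode(', ', $placeholders)
);

$stmt = $pdo->prepare($sql);
$stmt->execute($params);

// Read the row back: the apostrophe is stored verbatim and the query was
// never altered by the value.
$row = $pdo->query('SELECT last_name, first_name, note FROM people')
           ->fetch(PDO::FETCH_ASSOC);
print_r($row);
```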

    • toddism

      #3
      Re: Quick Sql Injection question.....

      Thank you much. I assumed it was OK but wasn't sure if there was
      something subtle.

      Sjoerd wrote:
      > toddism wrote:
      > > $clean = array();
      > > $mysql = array();
      > >
      > > $clean['last_name']="o'reilly";
      > > $mysql['last_name']=mysql_real_escape_string($clean['last_name']);
      > >
      > >
      > > why are we using an array ( $mysql['last_name'] ) instead of just a
      > > variable: $val?
      >
      > It will work with just a variable. An array is probably used because
      > you want to insert more than only the last name:
      >
      > $clean = array("last_name" => "o'reilly", "first_name" => "Bill", "And"
      > => "so on");
      > $mysql = array();
      > foreach ($clean as $key => $value) {
      >     $mysql[$key] = mysql_real_escape_string($value);
      > }
