Best of both worlds:
> $username=$_POST['username'];
> // do some stuff with username here
> $M=array(); // Array of things to be inserted into MySQL
> $M[username]=mysql_real_escape_string($username); // Everything that
> goes into $M is escaped
> $query="INSERT INTO table (username) VALUES ('{$M[username]}')";
>
>
I'm not sure I'm seeing why, in particular, you are using an array here?
- Re: Quotes around INSERT and SELECT statements' arguments f... Brandon Phelps
- Re: Quotes around INSERT and SELECT statements' argume... Dotan Cohen
- Re: Quotes around INSERT and SELECT statements' ar... Hank
- Re: Quotes around INSERT and SELECT statements... Reindl Harald
- Re: Quotes around INSERT and SELECT statem... Dotan Cohen
- Re: Quotes around INSERT and SELECT statem... Hank
- Re: Quotes around INSERT and SELECT s... Reindl Harald
- Re: Quotes around INSERT and SELE... Dotan Cohen
- Re: Quotes around INSERT and ... Hank
- Re: Quotes around INSERT and ... Dotan Cohen
- Re: Quotes around INSERT and ... Reindl Harald
- Re: Quotes around INSERT and ... Dotan Cohen
- Re: Quotes around INSERT and ... Dotan Cohen
- Re: Quotes around INSERT and ... Reindl Harald
- Re: Quotes around INSERT and ... Hank
- Re: Quotes around INSERT and ... Dotan Cohen
- Re: Quotes around INSERT and SELECT statements... Dotan Cohen
