On Sat, October 29, 2005 4:45 am, Bogdan Ribic wrote:
>> $value1 = 'xyz","xyz"); DELETE FROM MYTABLE;';
>>
>> you might get surprising results!
>>
>> This is called SQL injection and it's important to escape all the
>> values
>> before putting them into the statement.
>
>
> Did you try that? This d
Oliver Grätz wrote:
Shaun wrote:
$qid = mysql_query('INSERT INTO MYTABLE (
column1,
column2,
) VALUES (
"'.$value1.'",
"'.$value2.'"
On Tue, October 18, 2005 2:15 pm, Shaun wrote:
> Thanks for your replies, rather than check each value by name I am
> trying to
> produce a more dynamic solution:
>
> foreach ($_POST as $key => $value) {
> if ($value == '') {
> $_POST[$key] == 'NULL';
If you actually have == in this line, th
Shaun wrote:
> $qid = mysql_query('INSERT INTO MYTABLE (
> column1,
> column2,
> ) VALUES (
> "'.$value1.'",
> "'.$value2.'"
>
You're using two =='s for your assignment.
On Tue, 18 Oct 2005 15:15:59 -0400, "Shaun" <[EMAIL PROTECTED]>
wrote:
Hi all,
Thanks for your replies, rather than check each value by name I am
trying to
produce a more dynamic solution:
foreach ($_POST as $key => $value) {
if ($value == ''
Sorry everyone, I missed the "integer" requirement here. I apologize. And
yes, '' isn't a good integer value and will throw an error.
That's what I get for not reading thoroughly enough :)
-TG
= = = Original message = = =
On Tue, October 18, 2005 12:42 pm, [EMAIL PROTECTED] wrote:
> That sho
Hi all,
Thanks for your replies, rather than check each value by name I am trying to
produce a more dynamic solution:
foreach ($_POST as $key => $value) {
if ($value == '') {
$_POST[$key] == 'NULL';
}
}
I was expecting $_POST[$key] to be the same as $key, however this isn't the
case:
$
On Tue, October 18, 2005 12:42 pm, [EMAIL PROTECTED] wrote:
> That should work. You can set it so you can't have NULL, but don't
> know of anything that tells the database not to accept '' as a value
Any database, other than MySQL, is *NOT* going to accept '' as an
integer value.
Because '' is no
Good explanation but I think he wanted to avoid quoting the integers. I
may be wrong, but I think not quoting integers is a decent practice
because it makes it easier to port your SQL over to a different database
if you later decide you must do so. Of course he could just add a single
quote
Yes, but NULL is a special thing to MySQL. If you don't quote 'NULL' it
just means 'empty' to MySQL. If your database schema allows NULLS (it's
optional), your insert will go through.
On Tue, 18 Oct 2005 13:10:32 -0400, "Shaun" <[EMAIL PROTECTED]>
wrote:
Hi Ben,
Thanks for your reply, w
Hi Ben,
Thanks for your reply, wouldn't that insert a string with a value of 'NULL';?
"Ben Litton" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Either cast your empty ints (which should make it zero) or do an if
> (!isset($variable)) { $variable = 'NULL'; }
>
> Ben
>
> On Tue,
What Ben said is correct, but I'd like to elaborate so you know why it's
correct.
The INSERT statement you're trying to end up with is:
INSERT INTO MYTABLE (column1, column2) VALUES ('somevalue1', 'somevalue2')
I'm not sure why it wouldn't work if you ended up with:
INSERT INTO MYTABLE (column
Either cast your empty ints (which should make it zero) or do an if
(!isset($variable)) { $variable = 'NULL'; }
Ben
On Tue, 18 Oct 2005 12:15:41 -0400, "Shaun" <[EMAIL PROTECTED]>
wrote:
Hi,
Up to this point in time I used to construct my insert statements like
this
$qid = mysql_quer