Re: Multiple databases
Posted by: Rick James
Date: April 26, 2011 08:04PM
Be sure that $sql_database is never "mysql".
$name = $_GET['name'];
$sql = "SELECT * FROM foo WHERE name = '$name'";
What happens if $name = "O'Henry"?
That will give you an error that you probably don't catch. But nastier things can be done with an extra apostrophe like that. PREPARE does not prevent it. mysql_real_escape_string() does.
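The O'Henry case from the post above, as an added example that is not part of the original post. It assumes the pdo_sqlite extension and uses an in-memory SQLite database through PDO as a stand-in for MySQL so it runs offline, with PDO::quote() standing in for mysql_real_escape_string(); the table rows are constructed.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL server
// so the script runs offline. Table "foo" and its rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE foo (name TEXT)");
$db->exec("INSERT INTO foo (name) VALUES ('O''Henry'), ('Smith')");

// The value from the post; there it arrives via $_GET['name'].
$name = "O'Henry";

// 1. Interpolated as in the post: the apostrophe ends the string literal
//    early, so the server sees 'O' followed by stray text and rejects it.
$sql = "SELECT * FROM foo WHERE name = '$name'";
echo "raw:     $sql\n";
try {
    $db->query($sql);
    echo "  ran without error\n";
} catch (PDOException $e) {
    echo "  error: ", $e->getMessage(), "\n";
}

// 2. Escaped before interpolation. PDO::quote() plays the role that
//    mysql_real_escape_string() plays in the post; it also adds the
//    surrounding quotes, so the SQL text has none around the value.
$sql = "SELECT * FROM foo WHERE name = " . $db->quote($name);
echo "escaped: $sql\n";
$rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
echo "  rows: ", implode(', ', $rows), "\n";
```

The first query fails with a syntax error; the second returns the single row for O'Henry.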