| List: | General Discussion | « Previous MessageNext Message » | |
| From: | Hank | Date: | September 19 2011 10:11pm |
| Subject: | Re: Quotes around INSERT and SELECT statements' arguments from the mysql CLI and PHP | ||
| View as plain text | |||
Best of both worlds: > $username=$_POST['username']; > // do some stuff with username here > $M=array(); // Array of things to be inserted into MySQL > $M[username]=mysql_real_escape_string($username); // Everything that > goes into $M is escaped > $query="INSERT INTO table (username) VALUES ('{$M[username]}')"; > > I'm not sure I'm seeing why, in particular, you are using an array here?