From: Hank
Date: September 19 2011 10:11pm
Subject: Re: Quotes around INSERT and SELECT statements' arguments from the
 mysql CLI and PHP
List-Archive: http://lists.mysql.com/mysql/225773
Message-Id: <CAPs4VGmtZjtOECbFSTCy68b7Me9BEnz_AAG69y7An90H9rM0Sw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=0016364d25f38bfd9b04ad529e7b

--0016364d25f38bfd9b04ad529e7b
Content-Type: text/plain; charset=ISO-8859-1

Best of both worlds:
> $username=$_POST['username'];
> // do some stuff with username here
> $M=array();  // Array of things to be inserted into MySQL
> $M[username]=mysql_real_escape_string($username); // Everything that
> goes into $M is escaped
> $query="INSERT INTO table (username) VALUES ('{$M[username]}')";
>
>
I'm not sure I'm seeing why, in particular, you are using an array here?

--0016364d25f38bfd9b04ad529e7b--