I’ve got a variable in a PHP function of mine which is passed into a SQL query. I’m wondering how do I append " and " either side of it without actually turning it into a string?
Thanks.
If you can, you should really look into using prepared statements. In PHP both the `mysqli` and `PDO` libraries support them. This allows you to create placeholders in your queries and then bind values to them without having to manipulate the SQL text itself.

By doing this, you both save yourself hassle in terms of getting the SQL formatting right, and also protect yourself against accidental SQL injection holes by no longer having to remember to escape strings.
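The placeholder approach described in the answer above, as an added example that is not part of the original answer. The `users` table, its `name` column and the `findUsersByName` function are hypothetical, and an in-memory SQLite database stands in for the real one so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption:
// the pdo_sqlite driver is available; for MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

/**
 * Hypothetical lookup function: the variable is bound to a placeholder,
 * so the SQL text never changes and no quotes are added around the value.
 */
function findUsersByName(PDO $pdo, string $name): array
{
    // Note there are no quote characters around :name in the query text.
    // The placeholder stands for one complete value, whatever it contains.
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);

    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a plain value, a value containing a quote character,
// and a value shaped like SQL. Each one is compared as data only.
$inputs = ['alice', "O'Brien", "alice' OR '1'='1"];

foreach ($inputs as $input) {
    $rows = findUsersByName($pdo, $input);
    printf("%-20s -> %d row(s)\n", $input, count($rows));
}
```

The same pattern works with `mysqli` using `?` placeholders together with `mysqli_stmt::bind_param()`.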