When inserting a row in a MySQL database, string values need to be enclosed in quotes, whereas integers don’t need to be.
Is there any class or library that takes care of this automatically so that I can just pass to a 3rd-party function an array of fieldnames and values and don’t have to worry about putting string values in quotes?
Thanks,
You need to worry about more than just quoting; you need to worry about SQL injection.
For new code, use PDO instead of the mysql_ or mysqli_ functions. Within PDO, use prepared statements (the PDOStatement object). With prepared statements, you never have to enclose things in quotes and it stops SQL injections.
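The approach recommended in the answer above, as an added example that is not part of the original post: a helper that takes an array of field names and values and inserts it through a PDO prepared statement. The names `insertRow` and `$allowedColumns`, the `users` table, and the in-memory SQLite DSN (used so the script runs without a server) are assumptions; with MySQL, only the DSN passed to `new PDO(...)` changes.

```php
<?php
// Added example. insertRow() and $allowedColumns are hypothetical names.
function insertRow(PDO $pdo, string $table, array $allowedColumns, array $row): int
{
    // Placeholders protect values only. Column names cannot be bound as
    // parameters, so accept only names from a fixed allow-list.
    $columns = array_keys($row);
    if ($columns === []) {
        throw new InvalidArgumentException('No columns given');
    }
    $unknown = array_diff($columns, $allowedColumns);
    if ($unknown !== []) {
        throw new InvalidArgumentException('Unexpected column(s): ' . implode(', ', $unknown));
    }

    // $table must be a constant chosen in code, never request input.
    $names = implode(', ', $columns);
    $marks = implode(', ', array_fill(0, count($columns), '?'));
    $stmt  = $pdo->prepare("INSERT INTO $table ($names) VALUES ($marks)");

    // Values travel separately from the SQL text: no manual quoting,
    // whether the value is a string or an integer.
    $stmt->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

// Assumption: in-memory SQLite stands in for MySQL so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, age INTEGER)');

$allowed = ['name', 'age'];

// Constructed sample input: a string containing a quote, plus an integer.
$id = insertRow($pdo, 'users', $allowed, ['name' => "O'Brien", 'age' => 42]);

$check = $pdo->prepare('SELECT name, age FROM users WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));

// A key outside the allow-list is refused before any SQL is built.
try {
    insertRow($pdo, 'users', $allowed, ['name' => 'x', 'is_admin' => 1]);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

With the MySQL driver, setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes PDO use server-side prepared statements instead of emulating them in the client.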