www.webdeveloper.com
+ Reply to Thread
Results 1 to 5 of 5
  1. 05-26-2009 09:42 AM #1
    fireblade's Avatar
    fireblade
    fireblade is offline burn for ever
    Join Date
    May 2007
    Posts
    142

    mysql_real_escape_string help!!

    hi,
    There is a php function mysql_real_escape_string() that we can use to clean string variable before put in to sql query. I am afraid is there any other that can I use with Integer types or the same I should use for all type? Can any one explain this please..
    <Javascript Smooth Scroller> | <Free Multi Transition Banner >

    Nothing builds self-esteem and self-confidence like accomplishment
    Reply With Quote Reply With Quote
  2. 05-26-2009 09:48 AM #2
    Mindzai's Avatar
    Mindzai
    Mindzai is offline Registered User
    Join Date
    Nov 2008
    Posts
    2,477
    Escaping something other than a string is not possible, there is no such thing as escaping an integer. If you want to clean/validate integers, you can either just cast to int to be sure of the type:

    PHP Code:
    $foo = (int) $foo
    or else check it is int and do soemthing different if it is not:

    PHP Code:
    if (!is_int($foo) {
            // not an int
    Reply With Quote Reply With Quote
  3. 05-26-2009 10:03 AM #3
    fireblade's Avatar
    fireblade
    fireblade is offline burn for ever
    Join Date
    May 2007
    Posts
    142
    thanks,
    btw, I think I could not explain the question correctly. I want this..

    PHP Code:
    $sql "INSERT INTO %s(id, agg_number, app_date, inv_number, account_type, status) VALUES (%d, '%s', '%s', '%s', '%d', '%s')";
                $sql sprintf($sql$this->tableName,
                                    $this->id
                                    $this->agg_number
                                    $this->getApp_date()) 
                                    $this->getInv_number(), 
                                    mysql_real_escape_string($this->getAccount_type()),
                                    mysql_real_escape_string($this->getStatus())); 
    This function is escaping the given data for string type and prapare it for insertion. So we can insert this data in to any mysql String Types. Same like there are Numeric Types and Date & Time Types. You might have looked in ADO.NET, there is parameter collection where we can define the data as DBTYPE.INT, DBTYPE.BIT so on before insertion. I was guessing is there any function that can do this job.
    <Javascript Smooth Scroller> | <Free Multi Transition Banner >

    Nothing builds self-esteem and self-confidence like accomplishment
    Reply With Quote Reply With Quote
  4. 05-26-2009 02:28 PM #4
    Mindzai's Avatar
    Mindzai
    Mindzai is offline Registered User
    Join Date
    Nov 2008
    Posts
    2,477
    If I'm understanding correctly, you can cast a variable to any type:

    PHP Code:
    (int) $foo;
    (bool)     $foo;
    (string)     $foo
    etc, although PHP is a loosely typed language and as a rule this is not usually necessary.
    Reply With Quote Reply With Quote
  5. 05-26-2009 03:31 PM #5
    fireblade's Avatar
    fireblade
    fireblade is offline burn for ever
    Join Date
    May 2007
    Posts
    142
    Yes mindzai. That is what I wanted to confirm whether is there any other option or to go as usual. thanks for your replies.
    <Javascript Smooth Scroller> | <Free Multi Transition Banner >

    Nothing builds self-esteem and self-confidence like accomplishment
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 HTML5 Development Center



Recent Articles