Re: insert on oracle db question
"Geoff Muldoon" <geoff.muldoon_at_trap.gmail.com> wrote in message
news:MPG.1e81eaacf07a65e498978d_at_news.readfreenews.net...
> stephane.vollet_at_bluewin.ch says...
>
> > $query="insert into vegetables (name) values ($veg)";
>
> Try adding simple quote delimiters around strings.
>
> $query="insert into vegetables (name) values ('$veg')";
> or for readability
> $query="insert into vegetables (name) values ('".$veg."')";
>
> Also try redesigning your code to use bind variables.
>
> GM
If he doesn't use bind variables, it makes it much easier to hack his
web page and take over his database (see SQL injection). Also, if he uses
bind variables he can avoid buying a larger machine than without bind
variables. With bind variables the code is simpler (less matching of '
marks).
Jim
Received on Tue Mar 14 2006 - 21:48:18 CST
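The two approaches discussed in the thread side by side, as an added example that is not part of the original post or of either poster's code. It is written in Python against an in-memory SQLite database rather than PHP against Oracle, so it runs offline; the `:veg` placeholder is Oracle's bind-variable syntax, which `sqlite3` happens to accept unchanged. The table name, column and sample inputs are constructed for the demonstration. It shows the point Jim makes about matching quote marks: the concatenated query breaks as soon as a value contains an apostrophe, while the bound query never changes its SQL text, so the value cannot be read as SQL. (Jim's "larger machine" point, that identical SQL text lets Oracle reuse one parsed statement, is not something SQLite demonstrates.)

```python
import sqlite3

# Constructed inputs (not from the thread): one plain value and one that
# contains the "'" character the thread mentions having to match by hand.
SAMPLE_INPUTS = ["carrot", "O'Brien's kale"]


def setup() -> sqlite3.Connection:
    """Create an in-memory table mirroring the thread's `vegetables (name)`."""
    conn = sqlite3.connect(":memory:")
    # SQLite accepts Oracle-style type names, so the DDL reads as it would there.
    conn.execute("create table vegetables (name varchar2(100))")
    return conn


def insert_concatenated(conn: sqlite3.Connection, veg: str) -> None:
    """The quoted fix: quote delimiters around an interpolated value.

    Works for plain values, but the value is spliced into the SQL text, so any
    quote inside it changes the statement's structure. This is the same path
    the thread's SQL-injection warning refers to.
    """
    query = "insert into vegetables (name) values ('" + veg + "')"
    conn.execute(query)


def insert_bound(conn: sqlite3.Connection, veg: str) -> None:
    """Bind variable: the SQL text is constant; the value travels separately.

    ':veg' is the Oracle bind placeholder form (PHP's oci_bind_by_name or
    python-oracledb take the same text); sqlite3 understands it as well.
    """
    query = "insert into vegetables (name) values (:veg)"
    conn.execute(query, {"veg": veg})


def names(conn: sqlite3.Connection) -> list:
    """Return the stored names in sorted order."""
    return [row[0] for row in conn.execute("select name from vegetables order by name")]


def demo() -> dict:
    """Run both styles over SAMPLE_INPUTS on fresh tables.

    Returns {label: (per-input outcome list, rows actually stored)}.
    """
    results = {}
    for label, insert in (("concatenated", insert_concatenated), ("bound", insert_bound)):
        conn = setup()
        outcome = []
        for veg in SAMPLE_INPUTS:
            try:
                insert(conn, veg)
                outcome.append("ok")
            except sqlite3.Error as exc:
                # The concatenated form fails here on the apostrophe input.
                outcome.append(f"error: {exc}")
        results[label] = (outcome, names(conn))
    return results


if __name__ == "__main__":
    for label, (outcome, stored) in demo().items():
        print(f"{label:13s} outcomes={outcome} stored={stored}")
```

Running it shows the concatenated version storing only "carrot" and raising a syntax error on the second value, while the bound version stores both untouched. The same shape carries over to the thread's PHP: `oci_parse` on the constant text, then `oci_bind_by_name($stmt, ':veg', $veg)` before `oci_execute`.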