IN operator

gzip
Posts: 9
Joined: Tue Jun 14, 2005 2:45 pm

IN operator

Post by gzip »

It works now! I must have missed the spaces on either side of $rid when I tried before. I never would've tried that on my own. What exactly is happening there, does the space act as a concatenation operator? Thanks so much!
User avatar
John
Site Admin
Posts: 2580
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

IN operator

Post by John »

Yes, all the pieces passed to a SQL statement are concatenated together literally (hence the SQL injection possibility). A variable reference inside a string is treated as a parameter place-holder, and the data sent as a single piece of data into the SQL, avoiding the need for escapement.
John Turnbull
Thunderstone Software
Post Reply