IN operator

Posted: Thu Jun 16, 2005 12:42 pm
by gzip
It works now! I must have missed the spaces on either side of $rid when I tried before. I never would've tried that on my own. What exactly is happening there? Does the space act as a concatenation operator? Thanks so much!

IN operator

Posted: Thu Jun 16, 2005 12:46 pm
by John
Yes, all the pieces passed to a SQL statement are concatenated together literally (hence the SQL injection possibility). A variable reference inside a string is treated as a parameter place-holder, and the data is sent as a single piece of data into the SQL, avoiding the need for escaping.
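The difference between literal concatenation and a parameter placeholder in an IN clause, as an added example that is not part of the original thread and does not use the product discussed in it: it uses Python's standard `sqlite3` module, and the `items` table, its rows, the function names and the sample inputs are all constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table; not from the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (rid INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma"), (4, "delta")])
    return db

def in_by_concatenation(db, rid_text):
    # The value is pasted into the statement text, so the SQL parser
    # reads it as SQL grammar (commas, parentheses, operators included).
    sql = "SELECT name FROM items WHERE rid IN (" + rid_text + ") ORDER BY rid"
    return [row[0] for row in db.execute(sql)]

def in_by_parameters(db, rids):
    # One placeholder per value; each value travels separately from the
    # statement text as a single piece of data and is never parsed as SQL.
    if not rids:
        return []  # "IN ()" is not portable SQL, so short-circuit
    marks = ",".join("?" * len(rids))
    sql = "SELECT name FROM items WHERE rid IN (" + marks + ") ORDER BY rid"
    return [row[0] for row in db.execute(sql, list(rids))]

if __name__ == "__main__":
    db = make_db()
    # A string holding a comma becomes two list items when concatenated...
    print(in_by_concatenation(db, "1, 2"))
    # ...but stays one (non-matching) value when bound as a parameter.
    print(in_by_parameters(db, ["1, 2"]))
    # Constructed input that changes the statement's meaning when concatenated.
    print(in_by_concatenation(db, "0) OR (1=1"))
    # The same input bound as data matches nothing.
    print(in_by_parameters(db, ["0) OR (1=1"]))
    # Intended use: a list of values, one placeholder each.
    print(in_by_parameters(db, [1, 2]))
```
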