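/*
 * Demonstrates why a string value must be escaped before it is interpolated
 * into an SQL statement. $mysqli is assumed to be an open mysqli connection
 * created earlier; it is not shown in this snippet.
 */
$city = "'s-Hertogenbosch";

/*
 * Escaped variant: this query works.
 * mysqli_real_escape_string() escapes according to the connection's current
 * character set, so set that charset with mysqli_set_charset() rather than
 * with a "SET NAMES" query. The escaping only protects a value that sits
 * inside a quoted string literal, as '%s' does here. For values that come
 * from a user, a prepared statement (mysqli_prepare() plus
 * mysqli_stmt_bind_param()) is the more robust choice.
 */
$query = sprintf("SELECT CountryCode FROM City WHERE name='%s'",
    mysqli_real_escape_string($mysqli, $city));
// The result was previously stored in $resu, so $result was undefined below.
$result = mysqli_query($mysqli, $query);
if ($result !== false) {
    printf("Select returned %d rows.\n", mysqli_num_rows($result));
}

/*
 * Unescaped variant, kept only to show the failure: the apostrophe in $city
 * ends the string literal early and the statement becomes malformed.
 * mysqli_query() then returns false, or throws mysqli_sql_exception when
 * exception reporting is enabled (the default since PHP 8.1).
 * Do not build queries this way in real code.
 */
$query = sprintf("SELECT CountryCode FROM City WHERE name='%s'", $city);
$result = mysqli_query($mysqli, $query);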