SQL troubles

GHengeveld	#9502 2009-03-07 07:14
Team Thanked: 52 times	You should use sed_sql_query instead of mysql_query. @Kilandor: What is the reason not to use $sql? Is it because its more vulnerable to attack (its easy to guess), or because it has the risk of being executed in the wrong place. I quite often use $sql so I'd like to know why I shouldn't. By the way, using $sql multiple times shouldn't be a problem, as long as the value gets overwritten every time. Very often I have something like this: $sql = "SELECT * FROM sometable WHERE somecondition='true'"; $query = mysql_query($sql); while ($row = mysql_fetch_array($query)) { echo $row['somevalue']; } $sql = "SELECT * FROM anothertable"; $query = mysql_query($sql); while ($row = mysql_fetch_array($query)) { doSomething(); }

GHengeveld

#9502 2009-03-07 07:14

You should use sed_sql_query instead of mysql_query.

@Kilandor: What is the reason not to use $sql? Is it because its more vulnerable to attack (its easy to guess), or because it has the risk of being executed in the wrong place. I quite often use $sql so I'd like to know why I shouldn't.
By the way, using $sql multiple times shouldn't be a problem, as long as the value gets overwritten every time. Very often I have something like this:

$sql = "SELECT * FROM sometable WHERE somecondition='true'";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
echo $row['somevalue'];
}
$sql = "SELECT * FROM anothertable";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
doSomething();
}