For Java, avoiding SQL Injection is exactly the same just Prepare a satement using the Connection and then the respective parameter values. This really helps also in dealing with strings like (ng&#39;ombe). You should NEVER concatenate users input with your sql query.<br>
<br><div class="gmail_quote">On Tue, Oct 5, 2010 at 3:53 PM, Gregory Okoth <span dir="ltr">&lt;<a href="mailto:gregory.okoth@gmail.com">gregory.okoth@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
@David...<div>How would you prevent SQL injections, esp when using Prepared Statements.....I use Java, but I can get the flow in some structured pseudocode!! I will try to research more in Java terms though!! :-)<br><br><div class="gmail_quote">
<div class="im">
On Wed, Sep 1, 2010 at 3:42 PM, David Njuguna <span dir="ltr">&lt;<a href="mailto:dnjuguna@gmail.com" target="_blank">dnjuguna@gmail.com</a>&gt;</span> wrote:<br></div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

And to prevent SQL injection I suggest<div><br></div><div><div><div>$comma_separated = implode(&quot;,&quot;, $array_of_uids);</div></div><div><b>array_walk($comma_separated, &#39;mysqli_real_escape_string&#39;, $mysqli_link_object);</b></div>

<div>
<div>$sql = <span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse">&quot;UPDATE products SET product_price = &#39;7.6&#39; WHERE id IN ($comma_separated)&quot;;</span></div><br></div><div class="gmail_quote">

<div><div></div><div>
On Wed, Sep 1, 2010 at 12:39 PM, Haggai Nyang <span dir="ltr">&lt;<a href="mailto:haggai.nyang@gmail.com" target="_blank">haggai.nyang@gmail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div><div></div><div>
Let me add to Gregory&#39;s explanation...you can save on cpu cycles by making one sql query to update all rows. Instead of a loop on the sql queries you can loop on the array_of_uids variable and create a comma delimited string out of them e.g. in PHP you can easily use the implode function:<div>




<br></div><div>$comma_separated = implode(&quot;,&quot;, $array_of_uids);</div><div>$sql = <span style="font-family:arial, sans-serif;font-size:13px;border-collapse:collapse">&quot;UPDATE products SET product_price = &#39;7.6&#39; WHERE id IN ($comma_separated)&quot;;</span></div>




<div><div><br></div></div><div>HTH</div>
<br></div></div><div>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Server donations spreadsheet<br>
<a href="http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en" target="_blank">http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en</a><br>



------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></div></blockquote></div><br></div>
<br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke" target="_blank">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Server donations spreadsheet<br>
<a href="http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en" target="_blank">http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en</a><br>


------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div></div></div><br></div>
<br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke">Skunkworks@lists.my.co.ke</a><br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
Skunkworks Server donations spreadsheet<br>
<a href="http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en" target="_blank">http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&amp;hl=en</a><br>

------------<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br><br clear="all"><br>-- <br>Solomon Kariri,<br><br>Software Developer,<br>Cell: +254736 729 450<br>Skype: solomonkariri<br>