
@david this is an internal system so I do not so much expect SQL injection, but I need to learn more. Any e-books? Regards On Wed, Sep 1, 2010 at 3:42 PM, David Njuguna <dnjuguna@gmail.com> wrote:
And to prevent SQL injection I suggest
// Escape each uid before joining them; array_walk on the already-joined string
// would have no effect, and mysqli_real_escape_string takes (link, string).
$escaped_uids = array_map(function ($uid) use ($mysqli_link_object) {
    return "'" . mysqli_real_escape_string($mysqli_link_object, $uid) . "'";
}, $array_of_uids);
$comma_separated = implode(",", $escaped_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";
On Wed, Sep 1, 2010 at 12:39 PM, Haggai Nyang <haggai.nyang@gmail.com> wrote:
Let me add to Gregory's explanation...you can save on cpu cycles by making one sql query to update all rows. Instead of a loop on the sql queries you can loop on the array_of_uids variable and create a comma delimited string out of them e.g. in PHP you can easily use the implode function:
$comma_separated = implode(",", $array_of_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";
HTH
_______________________________________________ Skunkworks mailing list Skunkworks@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------ Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1f... ------------ Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Our greatest fear is not that we are inadequate, but that we are powerful beyond measure. It is our light, not our darkness, that frightens us. Calvin Omari Systems Developer/Designer http://www.facebook.com/barongo
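A prepared-statement version of the bulk update discussed in this thread, added here as an example; it is not code from any of the replies. It assumes an open mysqli connection in $mysqli and that $array_of_uids arrives from user input, and it validates the ids as integers because escaping alone does not protect an unquoted integer list (a value with no quote characters passes through escaping unchanged).

```php
<?php
// Added example: one UPDATE for all ids, with the values bound as parameters.
// Assumes $mysqli is an open mysqli connection (hypothetical name).

function update_prices_for_ids(mysqli $mysqli, array $array_of_uids, $price)
{
    // Accept only non-negative integer ids; reject anything else up front.
    $ids = [];
    foreach ($array_of_uids as $uid) {
        if (!is_int($uid) && !ctype_digit((string) $uid)) {
            throw new InvalidArgumentException("non-integer id: " . var_export($uid, true));
        }
        $ids[] = (int) $uid;
    }
    if ($ids === []) {
        return 0; // "IN ()" is a syntax error in MySQL, so do nothing
    }

    // One "?" placeholder per id; the SQL text never contains user data.
    $placeholders = implode(",", array_fill(0, count($ids), "?"));
    $sql = "UPDATE products SET product_price = ? WHERE id IN ($placeholders)";

    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $mysqli->error);
    }

    // Type string: "d" for the price, then one "i" per id (PHP 5.6+ unpacking).
    $types = "d" . str_repeat("i", count($ids));
    $stmt->bind_param($types, $price, ...$ids);
    if (!$stmt->execute()) {
        $err = $stmt->error;
        $stmt->close();
        throw new RuntimeException("execute failed: " . $err);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Usage with constructed values: three product ids, one query.
// $rows = update_prices_for_ids($mysqli, [12, 57, 301], 7.6);
```

An id such as "7 OR 1=1" is rejected by the ctype_digit check before any SQL is built, whereas the escape-and-implode approach would have passed it through untouched.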