@david this is an internal system so I do not so much expect SQL injection, but I need to learn more. Any e-books?
Regards

On Wed, Sep 1, 2010 at 3:42 PM, David Njuguna <dnjuguna@gmail.com> wrote:
And to prevent SQL injection I suggest:

// Escape (and quote) each uid before joining; array_walk on the already imploded string would do nothing,
// and mysqli_real_escape_string() takes the link first, so it cannot be used directly as an array_walk callback.
$escaped_uids = array_map(function ($uid) use ($mysqli_link_object) {
    return "'" . mysqli_real_escape_string($mysqli_link_object, $uid) . "'";
}, $array_of_uids);
$comma_separated = implode(",", $escaped_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";

On Wed, Sep 1, 2010 at 12:39 PM, Haggai Nyang <haggai.nyang@gmail.com> wrote:
Let me add to Gregory's explanation... you can save on CPU cycles by making one SQL query to update all rows. Instead of a loop on the SQL queries you can loop on the array_of_uids variable and create a comma-delimited string out of them, e.g. in PHP you can easily use the implode function:

$comma_separated = implode(",", $array_of_uids);
$sql = "UPDATE products SET product_price = '7.6' WHERE id IN ($comma_separated)";

HTH

_______________________________________________
Skunkworks mailing list
Skunkworks@lists.my.co.ke
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------
Skunkworks Server donations spreadsheet
http://spreadsheets.google.com/ccc?key=0AopdHkqSqKL-dHlQVTMxU1VBdU1BSWJxdy1fbjAwOUE&hl=en
------------
Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke
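An added example, not code from anyone in this thread, covering both the single-UPDATE-with-IN idea above and David's injection concern: instead of escaping values that end up unquoted inside IN (...) (escaping only neutralises quote characters, so an unquoted value such as 17 OR 1=1 passes through untouched), build one placeholder per id and let a mysqli prepared statement bind the values. It assumes PHP 7.1 or later, a mysqli connection in $mysqli, and the products table with an integer id column as used in the thread; buildPriceUpdate, updatePrices and the sample id lists are hypothetical.

```php
<?php
// Added example (not from the thread): a parameterised version of
// UPDATE products SET product_price = ? WHERE id IN (...).
// Assumes PHP 7.1+, a mysqli connection in $mysqli and an integer id column.

/**
 * Validate the ids and build the statement text, the bind_param type string
 * and the parameter list. Returns [$sql, $types, $params].
 */
function buildPriceUpdate(array $uids, float $price): array
{
    if ($uids === []) {
        throw new InvalidArgumentException('no ids supplied');
    }
    // Reject anything that is not a plain integer id before it reaches SQL at all.
    foreach ($uids as $uid) {
        if (filter_var($uid, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("bad id: $uid");
        }
    }
    // One "?" per id, so the id count never changes the query's structure.
    $placeholders = implode(',', array_fill(0, count($uids), '?'));
    $sql = "UPDATE products SET product_price = ? WHERE id IN ($placeholders)";
    // bind_param types: one double for the price, then one integer per id.
    $types = 'd' . str_repeat('i', count($uids));
    $params = array_merge([$price], array_map('intval', $uids));
    return [$sql, $types, $params];
}

/**
 * Run the update through a prepared statement and return the affected row count.
 */
function updatePrices(mysqli $mysqli, array $uids, float $price): int
{
    [$sql, $types, $params] = buildPriceUpdate($uids, $price);
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $mysqli->error);
    }
    // Spread the parameter list; bind_param binds each element by reference.
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Constructed sample input: a legitimate id list, then one carrying a non-numeric value.
[$sql, $types, $params] = buildPriceUpdate([3, 17, 42], 7.6);
echo $sql, "\n";
echo $types, "\n";
try {
    buildPriceUpdate(['3', '17 OR 1=1'], 7.6);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
// With a live connection: updatePrices($mysqli, [3, 17, 42], 7.6);
```

The integer check in buildPriceUpdate is defence in depth rather than the main protection: even without it, the ids are bound as typed parameters and never interpolated into the statement text, so the list length is the only thing that varies in the SQL string.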





--
Our greatest fear is not that we are inadequate,
but that we are powerful beyond measure.
It is our light, not our darkness, that frightens us.

Calvin Omari Systems Developer/Designer
http://www.facebook.com/barongo