Jump to content
MakeWebGames

Mixing strings and intergers in mysql strip...


AlabamaHit

Recommended Posts

This is just a question I was wondering...would this be right?

Say a query like this..

mysql_query("UPDATE users SET money=money+500, crystals=crystals+500 WHERE username=$username AND userid=$userid");

 

This is not a real query.....I'm just using as an example of mixing...wonder if this is right...

 

$mix = sprintf("UPDATE users SET money = money + %d , crystals = crystals + %d WHERE ((username = %s) AND (userid = %d)) ",
@intval(500),
@intval(500),
mysql_real_escape_string($username),
@intval($userid));

mysql_query($mix);

 

Would that be the right way?

Also question about it...in the username Does the %s need to be '%s'....just wondering. If you ' around a string or not?

Link to comment
Share on other sites

Guest Anonymous

Re: Mixing strings and intergers in mysql strip...

Optimal solution in this case is:

 

$money    = 500;			// unsigned integer -> %u
$crystals = 500;			// unsigned integer -> %u
$username = "AlabamaHit";	// string           -> %s
$userid   = 1;				// unsigned integer -> %u
$sql      = sprintf
(
"UPDATE `users` ".
"SET `money` = `money` + %u, `crystals` = `crystals` + %u ".
"WHERE ((`username` = '%s') AND (`userid` = %u))",

$money,
$crystals,
mysql_real_escape_string($username, $dbconn),
$userid
);

 

$dbconn btw, is the database connection resource as returned by mysql_connect. This *is* important.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...