AlabamaHit Posted October 26, 2008 Share Posted October 26, 2008 This is just a question I was wondering...would this be right? Say a query like this.. mysql_query("UPDATE users SET money=money+500, crystals=crystals+500 WHERE username=$username AND userid=$userid"); This is not a real query.....I'm just using as an example of mixing...wonder if this is right... $mix = sprintf("UPDATE users SET money = money + %d , crystals = crystals + %d WHERE ((username = %s) AND (userid = %d)) ", @intval(500), @intval(500), mysql_real_escape_string($username), @intval($userid)); mysql_query($mix); Would that be the right way? Also question about it...in the username Does the %s need to be '%s'....just wondering. If you ' around a string or not? Quote Link to comment Share on other sites More sharing options...
Guest Anonymous Posted October 26, 2008 Share Posted October 26, 2008 Re: Mixing strings and intergers in mysql strip... Optimal solution in this case is: $money = 500; // unsigned integer -> %u $crystals = 500; // unsigned integer -> %u $username = "AlabamaHit"; // string -> %s $userid = 1; // unsigned integer -> %u $sql = sprintf ( "UPDATE `users` ". "SET `money` = `money` + %u, `crystals` = `crystals` + %u ". "WHERE ((`username` = '%s') AND (`userid` = %u))", $money, $crystals, mysql_real_escape_string($username, $dbconn), $userid ); $dbconn btw, is the database connection resource as returned by mysql_connect. This *is* important. Quote Link to comment Share on other sites More sharing options...
AlabamaHit Posted October 27, 2008 Author Share Posted October 27, 2008 Re: Mixing strings and intergers in mysql strip... Thank You Nyna. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.