AlabamaHit Posted October 26, 2008 Posted October 26, 2008 This is just a question I was wondering...would this be right? Say a query like this.. mysql_query("UPDATE users SET money=money+500, crystals=crystals+500 WHERE username=$username AND userid=$userid"); This is not a real query.....I'm just using as an example of mixing...wonder if this is right... $mix = sprintf("UPDATE users SET money = money + %d , crystals = crystals + %d WHERE ((username = %s) AND (userid = %d)) ", @intval(500), @intval(500), mysql_real_escape_string($username), @intval($userid)); mysql_query($mix); Would that be the right way? Also question about it...in the username Does the %s need to be '%s'....just wondering. If you ' around a string or not? Quote
Guest Anonymous Posted October 26, 2008 Posted October 26, 2008 Re: Mixing strings and intergers in mysql strip... Optimal solution in this case is: $money = 500; // unsigned integer -> %u $crystals = 500; // unsigned integer -> %u $username = "AlabamaHit"; // string -> %s $userid = 1; // unsigned integer -> %u $sql = sprintf ( "UPDATE `users` ". "SET `money` = `money` + %u, `crystals` = `crystals` + %u ". "WHERE ((`username` = '%s') AND (`userid` = %u))", $money, $crystals, mysql_real_escape_string($username, $dbconn), $userid ); $dbconn btw, is the database connection resource as returned by mysql_connect. This *is* important. Quote
AlabamaHit Posted October 27, 2008 Author Posted October 27, 2008 Re: Mixing strings and intergers in mysql strip... Thank You Nyna. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.