MakeWebGames

Mixing strings and integers in mysql strip...


Posted

This is just a question I was wondering...would this be right?

Say a query like this..

mysql_query("UPDATE users SET money=money+500, crystals=crystals+500 WHERE username=$username AND userid=$userid");

 

This is not a real query... I'm just using it as an example of mixing... wonder if this is right...

 

$mix = sprintf("UPDATE users SET money = money + %d , crystals = crystals + %d WHERE ((username = %s) AND (userid = %d)) ",
@intval(500),
@intval(500),
mysql_real_escape_string($username),
@intval($userid));

mysql_query($mix);

 

Would that be the right way?

Also, a question about it... in the username, does the %s need to be '%s'? Just wondering: do you put ' around a string or not?

Guest Anonymous
Posted

Re: Mixing strings and integers in mysql strip...

Optimal solution in this case is:

 

$money    = 500;			// unsigned integer -> %u
$crystals = 500;			// unsigned integer -> %u
$username = "AlabamaHit";	// string           -> %s
$userid   = 1;				// unsigned integer -> %u
$sql      = sprintf
(
"UPDATE `users` ".
"SET `money` = `money` + %u, `crystals` = `crystals` + %u ".
"WHERE ((`username` = '%s') AND (`userid` = %u))",

$money,
$crystals,
mysql_real_escape_string($username, $dbconn),
$userid
);

 

$dbconn btw, is the database connection resource as returned by mysql_connect. This *is* important.
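
The same UPDATE written with bound parameters, as an added example that is not part of the original thread and not either poster's code. It swaps the thread's mysql_* and sprintf approach for PDO prepared statements, so the integer/string distinction is made by the bind type instead of by %u, %s and hand-written quotes. The in-memory SQLite table, the creditUser() helper and the sample usernames are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for the thread's `users` table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, username TEXT, money INTEGER, crystals INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'AlabamaHit', 100, 100), (2, 'O''Brien', 100, 100)");

// creditUser() is a hypothetical helper, not an API from the thread.
// Integers are bound as PARAM_INT and the name as PARAM_STR, so no value is
// ever spliced into the SQL text and no manual quoting or escaping is needed.
function creditUser(PDO $db, string $username, int $userid, int $money, int $crystals): int
{
    // %u in the thread implies unsigned amounts; enforce that explicitly here.
    if ($money < 0 || $crystals < 0) {
        throw new InvalidArgumentException('amounts must be non-negative');
    }
    $stmt = $db->prepare(
        'UPDATE users
            SET money = money + :money, crystals = crystals + :crystals
          WHERE username = :username AND userid = :userid'
    );
    $stmt->bindValue(':money', $money, PDO::PARAM_INT);
    $stmt->bindValue(':crystals', $crystals, PDO::PARAM_INT);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows actually changed
}

// Constructed inputs: a plain name, a legitimate name containing a quote,
// and a value with SQL syntax in it that must be compared as plain data.
$cases = [
    ['AlabamaHit', 1],
    ["O'Brien", 2],
    ["x' OR '1'='1", 1],
];
foreach ($cases as [$name, $id]) {
    $rows = creditUser($db, $name, $id, 500, 500);
    printf("%-14s userid=%d -> %d row(s) updated\n", $name, $id, $rows);
}

// Show the resulting balances so the effect of each call is visible.
foreach ($db->query('SELECT userid, username, money, crystals FROM users') as $row) {
    printf("%d %-12s money=%d crystals=%d\n",
        $row['userid'], $row['username'], $row['money'], $row['crystals']);
}
```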
