I'm a noob when it comes to mysql and php, and just want to ask if I do this correctly:

  1. I want to SELECT from a table where "lastTurn" is more than 12h. Is this the correct way to do it? I'm most concerned with the 12h time stamp

    $queryQuit = mysql_query("SELECT match_id, lastTurn FROM active_matches WHERE matchStatus=0 AND noticeSent < 2 AND lastTurn < NOW() - INTERVAL 12 HOUR");

  2. I use ASIHTTPRequest to send data to the server. If I send an int, do I need to convert it before it goes into the database?

    //score is an int
    $score = mysql_real_escape_string($_POST['score']); 
    
    //Update a table where the field is an int 
     "UPDATE hiscore SET score=score + '$score' WHERE username='$username'"
    

Thanks in advance

  • Question 2: yes, convert it to an int ($score = (int) $_POST['score']; instead of your escape line) and remove the apostrophes from around $score in the UPDATE statement. Commented Apr 28, 2012 at 21:44
  • Thanks. Is there something that can go wrong with the apostrophes, or is it just unnecessary? Commented Apr 28, 2012 at 21:55
  • It's unnecessary. It'll probably still work, but your database will read it as a string, and then realise it can be converted to a number due to the column type, rather than converting it to a number immediately. Commented Apr 28, 2012 at 21:58
  • So I should skip the apostrophes for int values, and keep them if I know the variable is a string? Correct! Commented Apr 28, 2012 at 22:02
  • That said, it is better to use the PDO approach, so you can use value parameterisation. The mysql module is quite old these days. Commented Apr 28, 2012 at 22:03

1 Answer

  1. This looks correct

  2. You need to cast to int if you want to make sure you are saving an integer

Code example:

    $score = mysql_real_escape_string((int) $_POST['score']);

or

    $score = mysql_real_escape_string(intval($_POST['score']));
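
The PDO approach suggested in the comments, applied to the `hiscore` update from the question, as an added example that is not part of the original answer. It assumes an in-memory SQLite database so it runs offline (with MySQL only the DSN changes); the helper name `addScore` and the sample rows and inputs are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server (assumption);
// the table layout is a guess based on the UPDATE statement in the question.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE hiscore (username TEXT PRIMARY KEY, score INTEGER NOT NULL)');

// Constructed sample rows, inserted through a prepared statement as well.
$insert = $pdo->prepare('INSERT INTO hiscore (username, score) VALUES (?, ?)');
$insert->execute(['alice', 100]);
$insert->execute(["o'brien", 40]);

/**
 * Hypothetical helper: add $rawScore to the user's score.
 * Returns true if exactly one row was updated, false if the input is not
 * a plain integer or the user does not exist.
 */
function addScore(PDO $pdo, $username, $rawScore)
{
    // Validate instead of silently casting: (int) "12abc" is 12 and
    // (int) "abc" is 0, so a cast alone hides malformed input.
    $score = filter_var($rawScore, FILTER_VALIDATE_INT);
    if ($score === false) {
        return false;
    }
    // Values are bound as parameters, never concatenated into the SQL text,
    // so no manual escaping or quoting is needed for either type.
    $stmt = $pdo->prepare(
        'UPDATE hiscore SET score = score + :score WHERE username = :username'
    );
    $stmt->bindValue(':score', $score, PDO::PARAM_INT);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed inputs standing in for the username and $_POST['score'].
$samples = [['alice', '25'], ['alice', '12abc'], ['alice', ''],
            ["o'brien", '-5'], ['nobody', '10']];
foreach ($samples as [$user, $raw]) {
    $result = addScore($pdo, $user, $raw) ? 'updated' : 'rejected';
    printf("%-10s %-8s %s\n", $user, var_export($raw, true), $result);
}
foreach ($pdo->query('SELECT username, score FROM hiscore ORDER BY username') as $row) {
    printf("%s => %d\n", $row['username'], $row['score']);
}
```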