$name = "all's name start with \"S\"";
Using escapeSimple()
$db->query("update pp_applications set planscr_remark = '".$db->escapeSimple($name)."' where sbc_no = '".$db->escapeSimple($sbcno)."'");
Using quoteSmart()
$db->query("update pp_applications set planscr_remark = ".$db->quoteSmart($name)." where sbc_no = ".$db->quoteSmart($sbcno));
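The difference is that the second one, quoteSmart(), automatically wraps the escaped value in single quotes, while with escapeSimple() you have to write the surrounding single quotes in the query yourself.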
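The same update written with PEAR DB's placeholder parameters, as an added example that is not part of the original post: query() takes an array of values as its second argument and quotes each one itself, so neither value is concatenated into the SQL string. The function name update_remark, the DSN and the sample $sbcno value are assumptions made for illustration.

```php
<?php
// Added example, not code from the original post.
// Assumes PEAR DB is installed and the DSN below (constructed) is replaced
// with one that points at a database holding the pp_applications table.
require_once 'DB.php';

/**
 * Hypothetical helper: set the remark for one application.
 * Each "?" is filled by query() from the array, in order, with the value
 * escaped and quoted by the driver, the same way quoteSmart() would do it.
 * Returns the number of rows changed, or false on a database error.
 */
function update_remark($db, $name, $sbcno)
{
    $res = $db->query(
        'update pp_applications set planscr_remark = ? where sbc_no = ?',
        array($name, $sbcno)
    );
    if (DB::isError($res)) {
        // Log the driver message server-side instead of showing it to the user.
        error_log('update_remark failed: ' . $res->getMessage());
        return false;
    }
    return $db->affectedRows();
}

$db = DB::connect('mysqli://user:password@localhost/example_db'); // constructed DSN
if (DB::isError($db)) {
    die('connect failed: ' . $db->getMessage());
}

$name  = "all's name start with \"S\"";
$sbcno = "SBC'001"; // constructed value containing a quote character

// quoteSmart() chooses the SQL literal from the PHP type: strings are escaped
// and wrapped in single quotes, integers are returned unquoted, and null
// becomes the keyword NULL. Dumping the results shows what would reach the server.
var_dump($db->quoteSmart($name), $db->quoteSmart(42), $db->quoteSmart(null));

$changed = update_remark($db, $name, $sbcno);
echo ($changed === false) ? "update failed\n" : "rows changed: $changed\n";

$db->disconnect();
```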