I am unsure which one to use in this situation?

$query1 = "SELECT * FROM messages WHERE 
messages.custid='".htmlspecialchars($_SESSION['customerid'])."' 
ORDER BY messages.id LIMIT $start, $limit ";
+2  A: 

Use mysql_real_escape_string... But really, don't do that.

Instead, install PEAR's PDO library, then use a prepared statement for your query.

Zak
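
The prepared-statement approach suggested above, applied to the query from the question, as an added example that is not part of the original posts. Assumptions: the `pdo_sqlite` driver is available (an in-memory SQLite database is used so the script runs offline), and the table layout, sample rows and the `fetchMessages()` helper are hypothetical.

```php
<?php
// Added example. Assumptions: pdo_sqlite is available; the table layout and
// the fetchMessages() helper are hypothetical, not from the original post.
declare(strict_types=1);

function fetchMessages(PDO $db, string $custId, int $start, int $limit): array
{
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT id, custid, body FROM messages
          WHERE custid = :custid
          ORDER BY id LIMIT :start, :limit'
    );
    $stmt->bindValue(':custid', $custId, PDO::PARAM_STR);
    // Bind LIMIT operands as integers: with emulated prepares MySQL would
    // otherwise receive quoted strings and reject the statement.
    $stmt->bindValue(':start', max(0, $start), PDO::PARAM_INT);
    $stmt->bindValue(':limit', max(1, min($limit, 100)), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, custid TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO messages (custid, body) VALUES (?, ?)');
foreach ([['17', 'Hello <b>there</b>'], ['17', 'Invoice & receipt'], ['42', 'Other customer']] as $row) {
    $ins->execute($row);
}

// Normal session value: only customer 17's rows come back.
foreach (fetchMessages($db, '17', 0, 10) as $msg) {
    // htmlspecialchars() belongs here, when the value is written into HTML.
    echo htmlspecialchars($msg['body'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}

// A value containing a quote and SQL text is compared as plain data,
// so it matches no customer and returns no rows.
var_dump(count(fetchMessages($db, "17' OR '1'='1", 0, 10)));
```

The split is the point: parameter binding protects the query, and `htmlspecialchars()` is applied only when a value is written into an HTML page.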
A: 

mysql_real_escape_string() is made especially for MySQL tables, as the name indicates ;-)

Tokk