mk_89
Reputation: 2742
Setting value to NULL as opposed to 'NULL'
I have a function which adds varhcars and integers into a database row
public function addItem($id, $site, $price, $quantity, $condition,
$sellerName, $sellerRating, $sellerLocation, $description, $link){
$q = "INSERT INTO tbl_items VALUES(
'$id',
'$site',
$price,
$quantity,
'$condition',
'$sellerName',
$sellerRating,
'$sellerLocation',
'$description',
'$link',
".time().")";
return mysql_query($q, $this->connection);
}
There may be situations where I may decide that I want to set a varchar value to NULL, but the problem is if I send the string NULL as a parameter it will always be treated as a string.
e.g.
addItem("id1", "site1", 100, NULL, "NULL", "NULL", "NULL", "NULL", "NULL", "NULL",);
How do I avoid NULL being treated a string in my query?
Upvotes: 0
Views: 81
Answers (1)
user166390
Reputation:
Easy. Don't quote it, as 'NULL' is always a string and NULL is .. well, NULL.
How? Use placeholders aka prepare statements.
This will take care of any quoting (as required) and prevent SQL injection attacks. Win.
See How can I prevent SQL injection in PHP? which contains information on writing safe queries and has examples for both mysqli and PDO approaches.
Upvotes: 6
Related Questions
- Set value to NULL in MySQL
- Set value to NULL from select query in SQL
- Mysql change null value to 0
- Replace null with value in mysql query with 0
- Change Null from SQL to 0
- PHP MySQL making the values as a null
- How do you send NULL as a variable from PHP to SQL?
- How do you properly set a blank variable as NULL
- Setting column from not null to null - mysql
- mysql and not null column