How to modify Temp table data for reporting

Questions related to customising nuBuilder Forte with JavaScript or PHP.
apmuthu
Posts: 249
Joined: Sun Dec 06, 2020 6:50 am
Location: Chennai, India, Singapore

Re: How to modify Temp table data for reporting

Unread post by apmuthu »

Instead of just single quotes (which must encapsulate the string unless leveraging PDO placeholders), first pass the string through the mysqli_real_escape_string() function. This will take care of all escaping and SQL injection issues.

Thanks. Very nice explanation. A final drop temporary table after generating the report....
icoso
Posts: 181
Joined: Sun Feb 07, 2021 11:09 pm
Been thanked: 1 time

Re: How to modify Temp table data for reporting

Unread post by icoso »

apmuthu wrote: Instead of just single quotes (which must encapsulate the string unless leveraging PDO placeholders), first pass the string through the mysqli_real_escape_string() function. This will take care of all escaping and SQL injection issues.

Thanks. Very nice explanation. A final drop temporary table after generating the report....
Apmuthu, if my SQL SELECT statement only has the date fields as user entry fields, for this report, and my UPDATE statement is generated using only the data that my original SELECT statement generated, should I still have to use the mysqli_real_escape_string() function? Are you suggesting that I use this on the two date fields that are user entered?

How would I do that? Or what should I do with those date fields?

Also, according to Kev1n, nuBuilder automatically drops the temporary tables. I've verified this by using my cPanel phpMyAdmin. The only time temp tables are left in the database is if my PHP functions fail for some reason AFTER the nuRunQuery() to create the temporary table.
apmuthu
Posts: 249
Joined: Sun Dec 06, 2020 6:50 am
Location: Chennai, India, Singapore

Re: How to modify Temp table data for reporting

Unread post by apmuthu »

In the script that uses the date field values you can use the mysqli_real_escape_string() function. All user input must be washed for preventing SQL injection.
kev1n
nuBuilder Team
Posts: 4297
Joined: Sun Oct 14, 2018 6:43 pm
Has thanked: 71 times
Been thanked: 445 times

Re: How to modify Temp table data for reporting

Unread post by kev1n »

apmuthu
Posts: 249
Joined: Sun Dec 06, 2020 6:50 am
Location: Chennai, India, Singapore

Re: How to modify Temp table data for reporting

Unread post by apmuthu »

Then use placeholders in PDO template.
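
An added example (not written by any poster in this thread, and not nuBuilder's own code) of the approach discussed above for the two user-entered date fields: check that each is a strict date, then pass them as PDO placeholders. The `visits` table, its columns, the function names and the sample rows are constructed for illustration, and it uses plain PDO with in-memory SQLite (an assumption, so that it runs offline).

```php
<?php
// Added example: validate two user-entered report dates, then bind them as
// PDO placeholders. Table, columns and rows are constructed sample data.

// Accept only a real calendar date in strict YYYY-MM-DD form.
function parseReportDate(string $raw): string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip check rejects overflow dates (2021-02-30) and short forms.
    if ($d === false || $d->format('Y-m-d') !== $raw) {
        throw new InvalidArgumentException('Invalid date: expected YYYY-MM-DD');
    }
    return $raw;
}

function fetchReportRows(PDO $pdo, string $fromRaw, string $toRaw): array
{
    $from = parseReportDate($fromRaw);
    $to   = parseReportDate($toRaw);
    if (strcmp($from, $to) > 0) {
        throw new InvalidArgumentException('Start date is after end date');
    }
    // The dates are bound as parameters; this code never concatenates
    // user input into the SQL string.
    $stmt = $pdo->prepare(
        'SELECT id, customer, visit_date FROM visits
          WHERE visit_date BETWEEN :from AND :to ORDER BY visit_date'
    );
    $stmt->execute([':from' => $from, ':to' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data (assumption: the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE visits (id INTEGER PRIMARY KEY, customer TEXT, visit_date TEXT)');
$pdo->exec("INSERT INTO visits (customer, visit_date) VALUES
    ('Alice', '2021-03-01'), ('Bob', '2021-03-15'), ('Carol', '2021-04-02')");

print_r(fetchReportRows($pdo, '2021-03-01', '2021-03-31'));

// A value that is not a plain date is rejected before any SQL runs.
try {
    fetchReportRows($pdo, "2021-03-01' OR '1'='1", '2021-03-31');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```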