It's a no-brainer that we have to escape data when inserting it into MySQL. But once this data is in the database, is it safe to do something like this?

INSERT INTO daily (lastname,
                   firstname,
                   adress,
                   city)
SELECT lastname,
       firstname,
       adress,
       city
FROM Users
WHERE id = 36;

If it's not, is there a workaround?

Solution

Yes, that works great. This is so because your code doesn't include variables; it is pure SQL code.

But watch out, if you are doing something like insert into table select * from table where id=$id, then $id needs to be escaped, because $id is a variable that comes from outside of SQL.
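
An added example, not part of the original answer, showing both points: a stored value full of SQL metacharacters is copied by INSERT ... SELECT as plain data, while an id taken from outside must be bound rather than concatenated. It assumes Python's sqlite3 with an in-memory database as a stand-in for MySQL so that it runs offline; the function names and sample rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample data: one stored value contains SQL metacharacters."""
    db = sqlite3.connect(":memory:")
    cols = "lastname TEXT, firstname TEXT, adress TEXT, city TEXT"
    db.execute(f"CREATE TABLE Users (id INTEGER PRIMARY KEY, {cols})")
    db.execute(f"CREATE TABLE daily ({cols})")
    db.executemany("INSERT INTO Users VALUES (?, ?, ?, ?, ?)", [
        (35, "Martin", "Ann", "2 Hill Rd", "Lyon"),
        (36, "O'Brien'); DROP TABLE daily; --", "Pat", "1 Main St", "Cork"),
    ])
    return db

# The statement from the question, minus the value that comes from outside.
COPY = ("INSERT INTO daily (lastname, firstname, adress, city) "
        "SELECT lastname, firstname, adress, city FROM Users WHERE id = ")

def copy_concatenated(db, user_id):
    # Anti-pattern the answer warns about: outside input becomes SQL text.
    db.execute(COPY + str(user_id))
    return db.execute("SELECT lastname FROM daily").fetchall()

def copy_bound(db, user_id):
    # Placeholder: the driver passes user_id as a value, never as SQL text.
    db.execute(COPY + "?", (user_id,))
    return db.execute("SELECT lastname FROM daily").fetchall()

if __name__ == "__main__":
    # Stored metacharacters are copied verbatim; the daily table survives.
    print(copy_bound(make_db(), 36))
    # Bound: the whole string is compared as one value to id.
    print(copy_bound(make_db(), "36 OR 1=1"))
    # Concatenated: the same string rewrites the WHERE clause.
    print(copy_concatenated(make_db(), "36 OR 1=1"))
```

With a MySQL driver the placeholder syntax may differ (for example `%s` instead of `?`), but the principle of binding the value is the same.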

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow