質問
It's a no brainer that we have to escape datas when inserting them to MySQL. But once these datas are in the database, is it safe to do something like this ?
https://stackoverflow.com/questions/23394854
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianINSERT INTO daily (lastname,
firstname,
adress,
city)
SELECT lastname,
firstname,
adress,
city)
FROM Users
WHERE id = 36;
If it's not, is there a workaround ?
解決
Yes, that works great. This is so, because your code doesn't include variables, it is pure SQL code.
But watch out, if you are doing something like insert into table select * from table where id=$id, then $id needs to be escaped, because $id is a variable that comes from outside of SQL.
