If you need to convert single quotes it means you don't use your DB properly. Just use prepared statements only and this problem won't exist any longer!
lg, Mike

--
Michael Baierl <http://mbaierl.com/>

On 15.10.2008, at 19:50, chasd <[EMAIL PROTECTED]> wrote:

>
> On Oct 15, 2008, at 11:08 AM, Ziba Scott wrote:
>
>> Hi Till,
>>
>> Thanks for the response. I'd like to just quote everything and stick it
>> in the database, but ticket 1463946:
>> http://trac.roundcube.net/ticket/1463946
>>
>> suggests that there is a set of characters that are undesirable to store
>> and may cause difficulty sending mail to users with strange names.
>
> A Wikipedia page has a summary of the relevant RFCs
> <http://en.wikipedia.org/wiki/E-mail_address#RFC_specification>
> and a specific list of characters.
>
> Apostrophes are particularly bad with SQL statements.
> My personal hack is to replace those with the HTML entity '
> before SQL, and then convert back ( if I need to ) when reading from
> the database.
>
> From reading the lists for the spam filtering software we use,
> e-mail addresses that _begin_ with a plus can cause problems, as can
> addresses with hyphens.
>
>> Which puts us in the position of picking and choosing what should go
>> into the database.
>
> Data validation problem, which is true of any input data.
>
> --
> Charles Dostale
> System Admin - Silver Oaks Communications
> http://www.silveroaks.com/
> 824 17th Street, Moline IL 61265
>
> _______________________________________________
> List info: http://lists.roundcube.net/dev/
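The point about prepared statements in this thread, as an added example that is not part of the original messages and is not Roundcube code: an address containing an apostrophe breaks a query built by string concatenation, while a bound parameter stores and retrieves the same address unchanged. The `contacts` table, the function names and the sample addresses are assumptions made for illustration, and SQLite stands in for whatever database is actually in use.

```python
import sqlite3

# Constructed sample addresses: apostrophe, leading plus, hyphen.
SAMPLES = ["o'brien@example.com", "+tag@example.com", "first-last@example.com"]


def open_db():
    """In-memory database with a hypothetical one-column contacts table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE contacts (email TEXT NOT NULL)")
    return db


def store_concatenated(db, email):
    """The 'before': value spliced into the SQL text, so a quote ends the literal."""
    db.execute("INSERT INTO contacts (email) VALUES ('" + email + "')")


def store_bound(db, email):
    """Prepared statement: SQL text is fixed, the value travels as a parameter."""
    db.execute("INSERT INTO contacts (email) VALUES (?)", (email,))


def find(db, email):
    """Look an address up by its exact value, again with a bound parameter."""
    rows = db.execute("SELECT email FROM contacts WHERE email = ?", (email,))
    return [r[0] for r in rows]


def concat_breaks(email):
    """True if the concatenated INSERT is rejected by the SQL parser."""
    try:
        store_concatenated(open_db(), email)
        return False
    except sqlite3.OperationalError:
        return True


def round_trip(emails):
    """Store every address with bound parameters and read each one back."""
    db = open_db()
    for e in emails:
        store_bound(db, e)
    return [find(db, e) == [e] for e in emails]


if __name__ == "__main__":
    print("concatenation fails on apostrophe:", concat_breaks(SAMPLES[0]))
    print("bound parameters round-trip:", round_trip(SAMPLES))
```

With bound parameters the stored value is the address exactly as received, so no entity substitution or conversion back is needed when reading it.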
