On May 24, 2010, at 12:18 PM, Саша Стаменковић wrote:

Sure, when you have an unlimited number of db operations over a period of time. I'll come up with my own offline quoting.

You should use the function provided by the database API. The function mysqli_real_escape_string() requires an active database connection because it needs to know the character set used by the connection. But this isn't a problem; it's necessary so it can do quoting safely.

Please DON'T try to write your own quoting function unless you are an expert with multi-byte character sets. It's surprisingly difficult to write a quoting function that's safe.

Read http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

Regards,
Bill Karwin
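
An added illustration, not part of the message above and not how mysqli is implemented: a simplified Python model of why quoting has to know the connection character set. `naive_quote`, `charset_aware_quote` and `unescaped_quotes` are hypothetical helpers, and the sample bytes are constructed (valid GBK text whose second byte happens to be the ASCII backslash).

```python
# Added illustration (simplified model, not mysqli's implementation).
ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"'}


def naive_quote(raw: bytes) -> bytes:
    """Hand-rolled quoting that works byte by byte and ignores the charset."""
    out = bytearray()
    for b in raw:
        if b in b"\\'\"":
            out.append(0x5C)  # prefix a backslash
        out.append(b)
    return bytes(out)


def charset_aware_quote(raw: bytes, charset: str) -> bytes:
    """Decode with the connection charset, then escape whole characters."""
    text = raw.decode(charset)  # strict: rejects bytes invalid in `charset`
    return "".join(ESCAPES.get(ch, ch) for ch in text).encode(charset)


def unescaped_quotes(quoted: bytes, charset: str) -> int:
    """Count single quotes a reader using `charset` would see as unescaped."""
    text = quoted.decode(charset, errors="replace")
    count = i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2  # skip the backslash and the character it escapes
            continue
        count += text[i] == "'"
        i += 1
    return count


# Constructed sample: one valid GBK character whose second byte is 0x5C
# (the ASCII backslash), followed by an apostrophe.
SAMPLE = b"\xbf\x5c'"

if __name__ == "__main__":
    for charset in ("latin-1", "gbk"):
        naive = unescaped_quotes(naive_quote(SAMPLE), charset)
        aware = unescaped_quotes(charset_aware_quote(SAMPLE, charset), charset)
        print(f"{charset}: naive={naive} aware={aware}")
```

The byte-wise output is correctly quoted when read as latin-1 but leaves the apostrophe unescaped when read as GBK, while the charset-aware version is correct under both.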
