I am storing data from an html form and there could be any character in
there, including a % and an _. I'm using mysql_real_escape_string in
php to escape special characters, but it says it doesn't escape the %
and _. I was also reading something about escaping the -- . If I want
all of these characters and character sequences to be allowable field
values do I need to do more than what mysql_real_escape_string will do
for me? I am enclosing all values in ' like the following...
$query = "INSERT INTO user Values (NULL, '$UserID', '$Password',
'$Email', '$FName', '$LName', ";
$query .= "'$StreetAddress', '$AddressLine2', '$City', '$State', '$ZIP')";
$result = mysql_query($query);
Chris W
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
