On Jul 26, 2007, at 3:34 PM, David Krings wrote:
For simplicty reasons I want to store an entire file path in a
field. Since this is on windows, the \ in the path name causes
problems. There might be also other SQL unfriendly characters in
there.
I once came across this and escape the string, but then when using
stripslashes all slashes were gone
I assume you are using the php mysql functions directly and not some
other db library, right?
Here's what you want:
$filepath-db-escaped = mysql_real_escape_string($filepath);
This escapes it on it's way into the database and the database knows
at that point to remove the extra slashes and other escape characters
that were added via mysql_real_escape_string. So no need to call an
extra stripslashes or anything like that after you retrieve it from
the database.
mysql_real_escape_string is preferred over addslashes because it
additionally escapes some unicode characters and other ways that
people have found to inject sql code even when addslashes is applied.
-Rob
http://php.net/mysql_real_escape_string
_______________________________________________
New York PHP Community MySQL SIG
http://lists.nyphp.org/mailman/listinfo/mysql
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
