Oh, one more thing - maybe you don't understand what the slashing is for: you don't store \" in the database -- the slash is there just so the MySQL statement is correct. MySQL knows about slashing and will replace your \" with " so what you store in the database is exactly what the user typed in the input box.

Bogdan

Jonathan Hilgeman wrote:

> How is it the "proper" way to do it and why does it have to remain the
> "proper" way of doing it? Simply because it retains the same character in
> the database? What good is that if the data will simply be extracted and
> unslashed at a later point anyway?
>
> How the data is kept internally should not be an issue if it is only stored
> to be later extracted and parsed anyway. That's a partial reason we use
> timestamps instead of storing the full date everywhere. It's called proper
> representation.
>
> And I think in cases where HTML forms are used in conjunction with
> databases, the HTML equivalents are a heck of a lot more proper than
> slashes, not to mention more efficient. The only downside I see is that
> instead of taking up 2 characters, it takes up 6, but since many fields we
> all use won't ever contain quotes, I see it as a more than reasonable
> trade-off.
>
> I personally consider it a bad habit to use slashes unless you're dealing
> with regexes. And not everybody does it that way.
>
> - Jonathan
>
> -----Original Message-----
> From: Bogdan Stancescu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 04, 2002 1:41 PM
> To: Jonathan Hilgeman
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: [PHP-DB] Fixed Quote Marks in Inputs
>
> That would be because this way you'll end up with the proper data in the
> database instead of HTML-encoded strings. Plus it's the proper way to do it
> -- everybody does it this way and it's a good habit.
>
> Bogdan
>
> Jonathan Hilgeman wrote:
>
> > I thought I made it somewhat clear:
> > > when I'm dealing with form inputs that can contain quote marks
> >
> > Why run 3 functions at separate times when you can run one once just before
> > data is inserted into the database?
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
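
The two approaches argued over in this thread, side by side, as an added example that is not part of the original messages. `mysql_literal_decode()` is a hypothetical helper that models MySQL's default backslash decoding of a string literal so the script runs without a server, and the sample input is constructed.

```php
<?php
// Added example, not from the thread. addslashes() mirrors the 2002 discussion;
// current code should bind parameters (PDO/mysqli prepared statements) instead.

// Hypothetical helper: decode the body of a quoted MySQL string literal the way
// the server does with default settings (NO_BACKSLASH_ESCAPES not set).
function mysql_literal_decode(string $body): string
{
    $named = ['0' => "\0", 'b' => "\x08", 'n' => "\n", 'r' => "\r", 't' => "\t", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        $ch = $body[$i];
        if ($ch !== '\\' || $i + 1 === $n) {
            $out .= $ch;
            continue;
        }
        $next = $body[++$i];
        if ($next === '%' || $next === '_') {
            $out .= '\\' . $next;           // \% and \_ keep their backslash
        } else {
            $out .= $named[$next] ?? $next; // \" -> "   \' -> '   \\ -> \
        }
    }
    return $out;
}

$typed = 'Dwayne "The Rock" O\'Neil';       // constructed form input

// Approach 1: slash only for the statement text.
$literal = addslashes($typed);              // text placed between the quotes
$stored  = mysql_literal_decode($literal);  // what the column ends up holding
printf("statement literal : %s\n", $literal);
printf("stored            : %s\n", $stored);
printf("stored === typed  : %s\n", var_export($stored === $typed, true));

// Approach 2: HTML-encode before inserting. The entities are the stored data.
$entityStored = mysql_literal_decode(addslashes(htmlspecialchars($typed, ENT_QUOTES)));
printf("entity-encoded row: %s (%d bytes vs %d)\n", $entityStored, strlen($entityStored), strlen($typed));
printf("finds '\"The Rock\"': %s\n", var_export(strpos($entityStored, '"The Rock"') !== false, true));

// With approach 1, encoding happens once, when the value is written into HTML.
printf("<input value=\"%s\">\n", htmlspecialchars($stored, ENT_QUOTES));
```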