On Tuesday 18 January 2005 19:18, Jochem Maas wrote:
> I was always under the impression that single quotes (assuming you are
> delineating you args with single quotes) should (officially) be escaped
> with another single quote - although backslash also works:

I think it depends on the database that you are using. Oracle and MS-SQL 
both require quotes to be escaped with another quote, MySQL uses 
I seem to recall that two quotes is the standard...

Of course it is even better to use bind vars and then you don't need to 
escape the quotes (or worry about sql injection attacks)...

cheers Simon

Simon Rees  | [EMAIL PROTECTED]  |
ORA-03113: end-of-file on communication channel

PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to