Skip Evans wrote:
I was under the impression that addslashes() would
handle single quote marks in INSERT statements,
but when I execute the following:
$sql="UPDATE images SET orderno=$orderno,
...and $caption contains something like:
...the data is chopped off at the single quote mark.
How, if not addslashes(), does one handle this?
Change the contents of $sql to use double quotes around the strings
instead of single - that's what real_escape_string was designed to
escape. Alternatively use str_replace to escape single quotes.
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php