Skip Evans wrote:
I was under the impression that addslashes() would
handle single quote marks in INSERT statements,
but when I execute the following:

$sql="UPDATE images SET orderno=$orderno,
WHERE imageID=$imageID";

...and $caption contains something like:

"Don't look"

...the data is chopped off at the single quote mark.

How, if not addslashes(), does one handle this?

Change the contents of $sql to use double quotes around the strings instead of single - that's what real_escape_string was designed to escape. Alternatively use str_replace to escape single quotes.


PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to