On 14 Jan 2001 10:38:12 -0800, rodrigo <[EMAIL PROTECTED]> wrote:
>However, yesterday I was typing in an English name that had a single
>quote (say, like O'reilly) and the SQL querie was all wrong.
You need to escape the special characters (' becomes '' or \' depending on
database flavor). PHP's built-in addslashes() function does this nicely. If
your database complains about something addslashes() doesn't catch, there may
also be a db-specific function like mysql_escape_string() which ensures that
the string is safe to use in a query.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
