Thank you John. Currently i am using PEAR DB abstration layer. Which function should i use to escape the ' character? There are couple of functions in the PEAR DB documentation so i don't know which one should i use.
Hardik --- "John W. Holmes" <[EMAIL PROTECTED]> wrote: > Richard Davey wrote: > > > Does mysql_real_escape_string (or > mysql_escape_string) do anything > > extra that addslashes() doesn't? In the examples > in the manual it is > > just used to escape the ' character, but that is > exactly what > > addslashes() will do anyway. > > real_escape_string() takes the current character set > into consideration > when it escapes characters. Probably 99% of the time > it's going to > behave like addslashes(), but it's still good to use > it because you're > letting the database determine what needs to be > escaped rather than just > assuming it's only the characters covered by > addslashes(). > > > Is mysql_real_escape_string tolerant of magic > quotes? i.e. will you > > end up with double-quoted strings like: "it\\'s a > lovely day" if you > > call it too many times? > > Yes, you'll end up with extra backslashes. If you > ever see "it\'s a > lovely day" in your database, then you're escaping > the string more than > once. You shouldn't see escape characters in your > database or have to > stripslashes() anything coming out of your database > (unless you have > magic_quotes_runtime() enabled). > > -- > ---John Holmes... > > Amazon Wishlist: > www.amazon.com/o/registry/3BEXC84AB3A5E/ > > php|architect: The Magazine for PHP Professionals – > www.phparch.com > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > __________________________________ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25¢ http://photos.yahoo.com/ph/print_splash -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
