Bummer, mysql_escape_string() is available only in PHP 5 and up. I'm using PHP 4.3.1....
"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > --- Justin Patrin <[EMAIL PROTECTED]> wrote: > > You also shouldn't need addslashes when putting it in. quoteSmart() in > > PEAR::DB is a *much* better option. > > That's great for those who use PEAR::DB, but it's not very safe to argue > against addslashes() based on what's in a specific PEAR module. > > I would argue that something like mysql_escape_string() is better than > addslashes(), so I agree with you for the most part anyway. :-) It all > depends on what database is being used and how. > > Chris > > ===== > Chris Shiflett - http://shiflett.org/ > > PHP Security - O'Reilly > Coming Fall 2004 > HTTP Developer's Handbook - Sams > http://httphandbook.org/ > PHP Community Site > http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
