On Wed, 30 Jun 2004 15:41:42 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote: > > Bummer, mysql_escape_string() is available only in PHP 5 and up. I'm using > PHP 4.3.1....
I know that it's not. Where are you seeing that? According to the manual: http://us3.php.net/manual/en/function.mysql-escape-string.php mysql_escape_string (PHP 4 >= 4.0.3, PHP 5) > > "Chris Shiflett" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > > > --- Justin Patrin <[EMAIL PROTECTED]> wrote: > > > You also shouldn't need addslashes when putting it in. quoteSmart() in > > > PEAR::DB is a *much* better option. > > > > That's great for those who use PEAR::DB, but it's not very safe to argue > > against addslashes() based on what's in a specific PEAR module. > > > > I would argue that something like mysql_escape_string() is better than > > addslashes(), so I agree with you for the most part anyway. :-) It all > > depends on what database is being used and how. > > > > Chris > > > > ===== > > Chris Shiflett - http://shiflett.org/ > > > > PHP Security - O'Reilly > > Coming Fall 2004 > > HTTP Developer's Handbook - Sams > > http://httphandbook.org/ > > PHP Community Site > > http://phpcommunity.org/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > !DSPAM:40e31590154591440146407! > > -- paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
