Clicked on the search query on php.net and got to one website after another which then lead to this website....
http://us4.php.net/manual/en/function.mysqli-real-escape-string.php Now, I see the problem, the "i" was added to the word, "mysql"..... So, probably clicked on the wrong link somewhere because it is hard to read the i after the l..... Scott F. "Justin Patrin" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Wed, 30 Jun 2004 15:41:42 -0400, Scott Fletcher <[EMAIL PROTECTED]> wrote: > > > > Bummer, mysql_escape_string() is available only in PHP 5 and up. I'm using > > PHP 4.3.1.... > > I know that it's not. Where are you seeing that? According to the manual: > http://us3.php.net/manual/en/function.mysql-escape-string.php > > mysql_escape_string > (PHP 4 >= 4.0.3, PHP 5) > > > > > "Chris Shiflett" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > > > > > --- Justin Patrin <[EMAIL PROTECTED]> wrote: > > > > You also shouldn't need addslashes when putting it in. quoteSmart() in > > > > PEAR::DB is a *much* better option. > > > > > > That's great for those who use PEAR::DB, but it's not very safe to argue > > > against addslashes() based on what's in a specific PEAR module. > > > > > > I would argue that something like mysql_escape_string() is better than > > > addslashes(), so I agree with you for the most part anyway. :-) It all > > > depends on what database is being used and how. > > > > > > Chris > > > > > > ===== > > > Chris Shiflett - http://shiflett.org/ > > > > > > PHP Security - O'Reilly > > > Coming Fall 2004 > > > HTTP Developer's Handbook - Sams > > > http://httphandbook.org/ > > > PHP Community Site > > > http://phpcommunity.org/ > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > !DSPAM:40e31590154591440146407! > > > > > > > -- > paperCrane --Justin Patrin-- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
