> From: Brad Bonkoski [mailto:[EMAIL PROTECTED]
> Sent: Fri 26/05/2006 15:41
> 
> A lot has been said recently about the dangers of the family of
> magic_quotes...
> I understand the dangers.
> The question is, for those of us using a database that does not have a
> *real_escape_string function...Oracle for example.
> What is the *best* way to escape quotes for DB insertion?

Well, since Oracle escapes single-quotes with another single quote, on the few 
occasions when I actually have to escape I generally just run:
 
    $safe_str = str_replace("'", "''", $str);
 
--------------------------------------------------------------------- 
Mike Ford,  Electronic Information Services Adviser, 
Learning Support Services, Learning & Information Services, 
JG125, James Graham Building, Leeds Metropolitan University, 
Headingley Campus, LEEDS,  LS6 3QS,  United Kingdom 
Email: [EMAIL PROTECTED] 
Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211 




To view the terms under which this email is distributed, please go to 
http://disclaimer.leedsmet.ac.uk/email.htm

Reply via email to