On Fri, Apr 27, 2001 at 11:56:08AM -0400, Don Pro wrote:
> $queryID = mysql_query("SELECT Country, Agent FROM Ports
>                                         WHERE Portname = '$portname'");
> 
> My question is, if the variable $portname has the ' character within it,
> will this cause an error in my select statement?  If the answer is
> "Yes", can someone give me a more robust way of writing it using PHP?

Yes.  You could try this:
$queryID = mysql_query("SELECT Country, Agent FROM Ports
                     WHERE Portname='".addslashes($portname)."'");
-- 
Jason Stechschulte
[EMAIL PROTECTED]
--
Suppose you're working on an optimizer to render \X unnecessary (or
rather, redundant, which isn't the same thing in my book).
             -- Larry Wall in <[EMAIL PROTECTED]>

-- 
PHP General Mailing List (http://www.php.net/)
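
The same lookup with the value passed as a bound parameter rather than spliced into the SQL text, as an added example that is not part of the original thread. It goes beyond the mysql_query() call discussed above by using PDO, and it assumes PHP 7 or later with the PDO SQLite driver; the in-memory Ports rows are constructed sample data and the function names are hypothetical.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for Ports.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Ports (Portname TEXT, Country TEXT, Agent TEXT)");
$ins = $db->prepare("INSERT INTO Ports (Portname, Country, Agent) VALUES (?, ?, ?)");
$ins->execute(["St. John's", 'Canada', 'Example Shipping Ltd']);
$ins->execute(['Halifax', 'Canada', 'Example Marine Inc']);

// Pattern from the question: the value becomes part of the SQL text,
// so a ' inside it ends the string literal early.
function lookupConcatenated(PDO $db, string $portname): string
{
    $sql = "SELECT Country, Agent FROM Ports WHERE Portname = '$portname'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        return count($rows) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Bound parameter: the SQL text is fixed and the value travels separately,
// so no quoting or escaping of $portname is needed.
function lookupBound(PDO $db, string $portname): array
{
    $stmt = $db->prepare(
        "SELECT Country, Agent FROM Ports WHERE Portname = :portname"
    );
    $stmt->execute([':portname' => $portname]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$name = "St. John's";

echo "concatenated, raw value:   ", lookupConcatenated($db, $name), "\n";
// Escaping rules differ per database, so a generic escaper is not portable.
echo "concatenated, addslashes:  ", lookupConcatenated($db, addslashes($name)), "\n";

$rows = lookupBound($db, $name);
echo "bound parameter:           ", count($rows), " row(s)";
foreach ($rows as $row) {
    echo " -> {$row['Country']}, {$row['Agent']}";
}
echo "\n";
```

The addslashes() variant fails in this run because SQLite does not treat a backslash as an escape inside string literals, whereas the bound-parameter lookup does not depend on any database's escaping rules.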