Andrew Ballard wrote:
> On Wed, May 6, 2009 at 2:25 PM, Shawn McKenzie <> wrote:
>> Igor Escobar wrote:
>>> Yeah yeah, i understood that, but, the point is... i sad previously, my
>>> function is not tied to any database.
>>> Is a generic function, i dont know who be use this, so i don't know, what is
>>> your data base so, i can't use functions like mysql_real_scape_string etc...
>> Then the best you can do is replace mysql_real_scape_string() with
>> addslashes() or possibly addcslashes() and build your own list.
> You can't just use addslashes() or addcslashes(). You have to know
> what database you are using because the escape sequences are
> different.  In MySQL, single quote characters are escaped by a
> backslash. In SQL Server, they are escaped by doubling them.
> There are a lot of libraries available that already do this. If
> someone wants to write yet another one, it would probably be
> worthwhile to dissect some of those existing libraries to see how they
> handle work under the hood.
> Andrew

Good points.  I haven't had much experience with any DB other than mysql
or sqlite.  Without knowing the DB, you'll either need to use one of
these libraries or convert the chars to something else like html entities.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to