From: Yuri Yarlei > I think mysql_real_escape_string() is work well, but if > you are use mysql db, if you are using another db, the best > function is addslashes but for another special charactes > you will need treat them with another ways
Slashes are the wrong character to use. The official SQL escape is a single quote character. Some database managers accept either, but using slashes can cause more problems than they solve. Find the correct escape_string function for your database and use it. Bob McConnell -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
