2013/3/18 Ken Robinson <kenrb...@rbnsn.com>
> On 18.03.2013 09:10, Norah Jones wrote:
>> I am having an string which was have few ' (single quote) and few "
>> (double quotes) and was not able to insert into the mysql database. I
>> have replaced them with \' and \" and everything is fine.
>> Though this are fine now but don't understand the working and I could
>> have missed few corner cases also. Please suggest the working and also
>> if there is some better way to achieve this.
> You should be using either mysql_real_escape_string or
> mysqli_real_escape_string (preferably the later) depending on how you're
> accessing the DB.
You shouldn't use ext/mysql at all!
Use prepared statements with PDO_MYSQL or MySQLi
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php