2013/3/18 Ken Robinson <kenrb...@rbnsn.com> > > > On 18.03.2013 09:10, Norah Jones wrote: > >> I am having an string which was have few ' (single quote) and few " >> (double quotes) and was not able to insert into the mysql database. I >> have replaced them with \' and \" and everything is fine. >> Though this are fine now but don't understand the working and I could >> have missed few corner cases also. Please suggest the working and also >> if there is some better way to achieve this. >> > > You should be using either mysql_real_escape_string or > mysqli_real_escape_string (preferably the later) depending on how you're > accessing the DB.
You shouldn't use ext/mysql at all! Use prepared statements with PDO_MYSQL or MySQLi > > > Ken > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- github.com/KingCrunch
