[snip]
2) By not escaping quotes in the data
...
You can do it this way but you must make sure that any strings in your 
values array have been escaped before with 
[/snip]

There are no quotes in the data. The data coming in is a $_POST array.
$dbmssql->dbinsert($_POST, $table);

However this did make me pull my head out of my...

[snip]
using str_replace("'", "''",$str) should work.
[/snip]

Justin's first post on PEAR::DB pointed me in the right direction.  The
initial method that parses out the $_POST is where I needed to add the
quotes around the values.
I sure will be glad when I don't make these kinds of simple mistakes
anymore.


Thanks guys...


alex hogan
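
Added example, not part of the original message or the poster's dbmssql class: the thread builds an INSERT from $_POST by quoting values and doubling apostrophes, and the sketch below does the same insert with bound parameters and a column allow-list so neither values nor array keys reach the SQL text. It assumes PDO, uses in-memory SQLite as a stand-in for MSSQL, and the function name dbinsert_safe, the table and the columns are hypothetical.

```php
<?php
// Added example: parameterized INSERT from a form array.
// Assumptions: PDO is available; in-memory SQLite stands in for MSSQL so the
// script runs offline; table "contacts" and its columns are hypothetical.

function dbinsert_safe(PDO $pdo, string $table, array $allowed, array $data): int
{
    // Keys of $_POST are user-controlled too, so keep only known columns.
    $row = array_intersect_key($data, array_flip($allowed));
    if ($row === []) {
        throw new InvalidArgumentException('no permitted columns in input');
    }
    // Identifiers cannot be bound as parameters; accept only a plain name.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
        throw new InvalidArgumentException('bad table name');
    }
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt  = $pdo->prepare("INSERT INTO $table ($cols) VALUES ($marks)");
    // Values travel separately from the SQL text: no quoting, no escaping.
    $stmt->execute(array_values($row));
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (name TEXT, email TEXT)');

// Constructed stand-in for $_POST: an apostrophe in a value and an
// unexpected key that must not end up in the column list.
$post = [
    'name'   => "O'Brien",
    'email'  => 'ob@example.com',
    'submit' => 'Send',
];

$n = dbinsert_safe($pdo, 'contacts', ['name', 'email'], $post);
$stored = $pdo->query('SELECT name FROM contacts')->fetchColumn();
var_dump($n === 1, $stored === "O'Brien");
```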