Re: [PHP-DB] Inserting a ' into mySQL

2004-08-23 Thread Jonathan Haddad 
use mysql_escape_string.
http://us3.php.net/manual/en/function.mysql-escape-string.php
Jon
Ron Piggott wrote:
I have begun to create a Christian Ministry Directory.  It is on the
ministry web site I am building at
http://www.actsministries.org/ministrydirectory/ .
One of the problems I am now having is if the user types an ' into their
entry --- these ones do not get saved into the mySQL database.
The line of code that inserts into the mySQL database matches the web site
fields ---
INSERT INTO ministrydirectory VALUES ('$ministry_name', '$address_line_1',
'$address_line_2', '$city', '$province_state_county', '$country',
'$postal_zip_code', '$phone', '$fax', '$web_site', '$e_mail',
'$date_updated')";
I can look at this and understand that if an ' is keyed why it wouldn't save
and that line would create an error --- How do you work around this?
Ron
 

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] Inserting a ' into mySQL

2004-08-20 Thread Ford, Mike [LSS] 
> -Original Message-
> From: Ron Piggott
> Sent: 21/08/04 01:53

[]

> One of the problems I am now having is if the user types an ' into their
> entry --- these ones do not get saved into the mySQL database.

[]

> I can look at this and understand that if an ' is keyed why it wouldn't save 
> and that line would create an error --- How do you work around this? 

That's what mysql_real_escape_string() is for -- 
http://www.php.net/mysql_real_escape_string.

Cheers!

Mike

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-DB] Inserting a ' into mySQL

2004-08-20 Thread Ron Piggott 

I have begun to create a Christian Ministry Directory.  It is on the
ministry web site I am building at
http://www.actsministries.org/ministrydirectory/ .

One of the problems I am now having is if the user types an ' into their
entry --- these ones do not get saved into the mySQL database.

The line of code that inserts into the mySQL database matches the web site
fields ---

INSERT INTO ministrydirectory VALUES ('$ministry_name', '$address_line_1',
'$address_line_2', '$city', '$province_state_county', '$country',
'$postal_zip_code', '$phone', '$fax', '$web_site', '$e_mail',
'$date_updated')";

I can look at this and understand that if an ' is keyed why it wouldn't save
and that line would create an error --- How do you work around this?

Ron

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php