Re: [PHP] how to handle inserting special characters into a mysql field

On Saturday 15 December 2007 18:59:12 Richard Lynch wrote: On Fri, December 14, 2007 11:03 am, Adam Williams wrote: $query = sprintf(SELECT * FROM users WHERE user='%s' AND password='%s', mysql_real_escape_string($user), mysql_real_escape_string($password));

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, December 14, 2007 11:03 am, Adam Williams wrote: $query = sprintf(SELECT * FROM users WHERE user='%s' AND password='%s', mysql_real_escape_string($user), mysql_real_escape_string($password)); and I understand it uses the %s because of sprintf(), to indicate

Re: [PHP] how to handle inserting special characters into a mysql field

On Saturday 15 December 2007 18:59:12 Richard Lynch wrote: On Fri, December 14, 2007 11:03 am, Adam Williams wrote: $query = sprintf(SELECT * FROM users WHERE user='%s' AND password='%s', mysql_real_escape_string($user), mysql_real_escape_string($password));

[PHP] how to handle inserting special characters into a mysql field

I'm going to be inserting data from a PHP form into a mysql field. The data could contain special characters like ' \ /, etc. How do I handle that? just $data = addslashes(htmlspecialchars($data)); before the insert query? because later on the data will be read back from the mysql db

RE: [PHP] how to handle inserting special characters into a mysql field

[snip] I'm going to be inserting data from a PHP form into a mysql field. The data could contain special characters like ' \ /, etc. How do I handle that? just $data = addslashes(htmlspecialchars($data)); before the insert query? because later on the data will be read back from the

Re: [PHP] how to handle inserting special characters into a mysql field

Bastien Koert wrote: use mysql_real_escape_string bastien Date: Fri, 14 Dec 2007 08:40:47 -0600 From: [EMAIL PROTECTED] To: php-general@lists.php.net Subject: [PHP] how to handle inserting special characters into a mysql field I'm going to be inserting data from a PHP form

RE: [PHP] how to handle inserting special characters into a mysql field

use mysql_real_escape_string bastien Date: Fri, 14 Dec 2007 08:40:47 -0600 From: [EMAIL PROTECTED] To: php-general@lists.php.net Subject: [PHP] how to handle inserting special characters into a mysql field I'm going to be inserting data from a PHP form into a mysql field. The data

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, December 14, 2007 8:40 am, Adam Williams wrote: I'm going to be inserting data from a PHP form into a mysql field. The data could contain special characters like ' \ /, etc. How do I handle that? just $data = addslashes(htmlspecialchars($data)); before the insert query? because

Re: [PHP] how to handle inserting special characters into a mysql field

Thanks for all the replies everyone. I have a question on mysql_real_escape_string(). The PHP example page shows: $query = sprintf(SELECT * FROM users WHERE user='%s' AND password='%s', mysql_real_escape_string($user), mysql_real_escape_string($password)); and I

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, 2007-12-14 at 11:03 -0600, Adam Williams wrote: Thanks for all the replies everyone. I have a question on mysql_real_escape_string(). The PHP example page shows: $query = sprintf(SELECT * FROM users WHERE user='%s' AND password='%s', mysql_real_escape_string($user),