On Thu, 2007-10-04 at 10:55 -0700, Warren Vail wrote:
> Rob,
>
> Your opinion would have meant more had you offered a solution. The only
> hole that I am aware of is the likelihood that the imbedded query could get
> executed accidentally later.
>
> If the database is mysql, there is finally a m
-Original Message-
From: Robert Cummings [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 04, 2007 10:28 AM
To: Warren Vail
Cc: 'Yamil Ortega'; php-general@lists.php.net
Subject: RE: [PHP] inserting ´ in a db
On Thu, 2007-10-04 at 10:18 -0700, Warren Vail wrote:
> You need
On Thu, 2007-10-04 at 10:18 -0700, Warren Vail wrote:
> You need to escape the single quote, an easy way to do this is to run the
> text thru the addslashes() filter. Obviously you can't run your entire
> query thru the filter thru the filter because most of your quotes need to be
> identified by
iginal Message-
From: Yamil Ortega [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 03, 2007 7:45 PM
To: php-general@lists.php.net
Subject: [PHP] inserting ´ in a db
Hi list, good day.
I have a simple script that inserts text on a mysql table, that has a field
named description and the type
Pick one:
http://si2.php.net/manual/en/function.htmlentities.php
http://si2.php.net/manual/en/function.addslashes.php
http://si.php.net/mysql_escape_string
Aleksandar
Yamil Ortega wrote:
Hi list, good day.
I have a simple script that inserts text on a mysql table, that has a field
named de
On Wednesday 03 October 2007, Tom Swiss wrote:
> [EMAIL PROTECTED] (Chris) writes:
> > > Everting works fine, except when I try to insert a text that includes a
> > > simple quote.
> >
> > http://www.php.net/mysql_real_escape_string
>
> I'll see you that and raise you PEAR's database interface
[EMAIL PROTECTED] (Chris) writes:
> > Everting works fine, except when I try to insert a text that includes a
> > simple quote.
> http://www.php.net/mysql_real_escape_string
I'll see you that and raise you PEAR's database interfaces:
http://pear.php.net/package/DB - especially DB_common:
Yamil Ortega wrote:
Hi list, good day.
I have a simple script that inserts text on a mysql table, that has a field
named description and the type is text.
Everting works fine, except when I try to insert a text that includes a
simple quote.
For example
Yamil´s car
http://www.php.n
There are any number of elements to try
htmlspecialchars
mysql_real_escape_string
addslashes
RTFM and see what works best for your situation
bastien> From: [EMAIL PROTECTED]> To: php-general@lists.php.net> Date: Thu, 4
Oct 2007 11:44:34 +0900> Subject: [PHP] inserting ´ i
Hi list, good day.
I have a simple script that inserts text on a mysql table, that has a field
named description and the type is text.
Everting works fine, except when I try to insert a text that includes a
simple quote.
For example
Yamil´s car
I send the character string to a varia
10 matches
Mail list logo
