Adam Williams wrote:
In my form, I am parsing all the text inputs through
mysql_real_escape_string() before inserting the data. however, when I
look at the SQL query in PHP, when I type the word blah's to my text box
variable, and then insert it into mysql after being ran through
On 1/3/08, Adam Williams [EMAIL PROTECTED] wrote:
In my form, I am parsing all the text inputs through
mysql_real_escape_string() before inserting the data. however, when I
look at the SQL query in PHP, when I type the word blah's to my text box
variable, and then insert it into mysql after
when I type the word blah's to my text box
variable, and then insert it into mysql after being ran through
mysql_real_escape_string(), it does:
insert into contract (contract_id, responsibility) VALUES (15, 'blah\\\'s')
It looks like magic quotes is turned on. Take a look at
On Thu, January 3, 2008 1:22 pm, Adam Williams wrote:
In my form, I am parsing all the text inputs through
mysql_real_escape_string() before inserting the data. however, when I
look at the SQL query in PHP, when I type the word blah's to my text
box
variable, and then insert it into mysql
lots of ways to handle this
use HTMLentities($string) to convert the apostrophes
use addslashes($string) to escape them
use mysql_real_escape_string($string) to escape them
the last is my preferred method
bastien Date: Thu, 3 Jan 2008 13:22:09 -0600 From: [EMAIL PROTECTED] To:
5 matches
Mail list logo