Re: [PHP] how to handle inserting special characters into a mysql field

> On Saturday 15 December 2007 18:59:12 Richard Lynch wrote: > > On Fri, December 14, 2007 11:03 am, Adam Williams wrote: > > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND > > > password='%s'", > > > mysql_real_escape_string($user), > > > mysql_real_escape_stri

Re: [PHP] how to handle inserting special characters into a mysql field

On Saturday 15 December 2007 18:59:12 Richard Lynch wrote: > On Fri, December 14, 2007 11:03 am, Adam Williams wrote: > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND > > password='%s'", > > mysql_real_escape_string($user), > > mysql_real_escape_string($password

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, December 14, 2007 11:03 am, Adam Williams wrote: > $query = sprintf("SELECT * FROM users WHERE user='%s' AND > password='%s'", > mysql_real_escape_string($user), > mysql_real_escape_string($password)); > > and I understand it uses the %s because of sprintf(), to indi

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, 2007-12-14 at 11:03 -0600, Adam Williams wrote: > Thanks for all the replies everyone. I have a question on > mysql_real_escape_string(). The PHP example page shows: > > $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'", > mysql_real_escape_string($use

Re: [PHP] how to handle inserting special characters into a mysql field

Thanks for all the replies everyone. I have a question on mysql_real_escape_string(). The PHP example page shows: $query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'", mysql_real_escape_string($user), mysql_real_escape_string($password)); and I unders

Re: [PHP] how to handle inserting special characters into a mysql field

On Fri, December 14, 2007 8:40 am, Adam Williams wrote: > I'm going to be inserting data from a PHP form into a mysql field. > The > data could contain special characters like < > ' " \ /, etc. How do I > handle that? just $data = addslashes(htmlspecialchars($data)); before > the insert query? b

Re: [PHP] how to handle inserting special characters into a mysql field

Bastien Koert wrote: > use mysql_real_escape_string > > bastien >> Date: Fri, 14 Dec 2007 08:40:47 -0600> From: [EMAIL PROTECTED]> To: >> php-general@lists.php.net> Subject: [PHP] how to handle inserting special >> characters into a mysql field> > I'm going to be inserting data from a PHP >>

RE: [PHP] how to handle inserting special characters into a mysql field

use mysql_real_escape_string bastien > Date: Fri, 14 Dec 2007 08:40:47 -0600> From: [EMAIL PROTECTED]> To: > php-general@lists.php.net> Subject: [PHP] how to handle inserting special > characters into a mysql field> > I'm going to be inserting data from a PHP > form into a mysql field. The >

RE: [PHP] how to handle inserting special characters into a mysql field

[snip] I'm going to be inserting data from a PHP form into a mysql field. The data could contain special characters like < > ' " \ /, etc. How do I handle that? just $data = addslashes(htmlspecialchars($data)); before the insert query? because later on the data will be read back from the my