Hello, This is a reply to an e-mail that you wrote on Tue, 22 Jul 2003 at 20:36, lines prefixed by '>' were originally written by you. > Hello, > I am running a test server and a live system. both do have the same > php > version running. > The test system however does not report a db error if I try to insert > string containing a ' > The live system does. > As I learned from php.ini magic quotes are turned off on both systems. > what could be the cause?
Are you escaping all strings that are used in db queries with the appropiate function for your database server, e.g. for mySql, mysql_escape_string() <http://uk2.php.net/mysql_escape_string> David -- phpmachine :: The quick and easy to use service providing you with professionally developed PHP scripts :: http://www.phpmachine.com/ Professional Web Development by David Nicholson http://www.djnicholson.com/ QuizSender.com - How well do your friends actually know you? http://www.quizsender.com/ (developed entirely in PHP) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
