Jeff, here's what I do:
1. set magic_quotes_gpc On in php.ini
* this will automatically quote all GET, POST, and COOKIE
variables - read up on magic_quotes_gpc.
2. at the top of each script, stripslashes all the COOKIE, GET,
and POST variables, since they will have been automatically
quoted by magic_quotes_gpc.
3. At the top of the the routine that INSERT's or UPDATE's fields
in the database, for all string variables invoke addslashes -
this will properly quote all characters(I think there's only 4
- single quote, double quote, NULL character, and I can't
remember what the 4th one is - look at the manual under
"addslashes"). Then you can INSERT or UPDATE the columns with
those addslash'ed values.
There's many different ways to do this, but this is what works best
for me.
--
Hardy Merrill
Mission Critical Linux, Inc.
http://www.missioncriticallinux.com
Jeff Oien [[EMAIL PROTECTED]] wrote:
> I have a form to modify a record in a MySQL database.
> The record contains this:
> 3" Brush
> The code in question is like this:
> while ($row = mysql_fetch_array($result)) {
> $desc1 = $row['desc1'];
> ------
> <input type="text" name="desc1" value="<?php echo "$desc1"; ?>">
>
> I've tried using addslashes to the variable in various ways and it
> always returns:
> 3\
> What am I doing wrong? Sorry this is probably the 1000th time
> this has been asked.
> Jeff Oien
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
--
Hardy Merrill
Mission Critical Linux, Inc.
http://www.missioncriticallinux.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
