Hi,
I am getting some input from a client in a text area, the input is an sql
statement, so I am using addslashes but the damn thing is not working...any
idea why?
Heres my code:
if(isset($_POST['the_sql_command']))
{
$the_sql_command=$_POST['the_sql_command'];
$the_sql_command=addslashes($the_sql_command);
}else{$the_sql_command="none";}
I tested it out by entering this sql into the database:
insert into testing_table values('bill o'reilly')
Opening phpmyadmin I looked in the able and there are no slashes being
applied.....!!????
just this: insert into testing_table values('bill o'reilly')
(and yes, I did try this too:
$the_sql_command=addslashes($_POST['the_sql_command']); )
What am I missing?
Cheers,
-Ryan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
