Hi,
Thanks for replying.

> addslashes() _enables_ you to enter stuff which contains
> quotes into the DB properly, but the slashes are obviously not part of the
> data and hence not stored.
But the whole SQL statement is part of the data, right? I mean I am saving
the whole SQL statement for later use into the db.

> To do what you want to do, you can try addslashes() on the data bit (ie: bill
> o'reilly), then addslashes() again on the entire $the_sql_command.
How do I do this?

Thanks,
-Ryan


On Monday 12 January 2004 12:31, Ryan A wrote:

> I am getting some input from a client in a text area, the input is an sql
> statement, so I am using addslashes but the damn thing is not working...any
> idea why?
>
> Here's my code:
>
> if(isset($_POST['the_sql_command']))
>  {
>  $the_sql_command=$_POST['the_sql_command'];
>  $the_sql_command=addslashes($the_sql_command);
>  }else{$the_sql_command="none";}
>
> I tested it out by entering this sql into the database:
> insert into testing_table values('bill o'reilly')
>
> Opening phpmyadmin I looked in the table and there are no slashes being
> applied.....!!????
> just this: insert into testing_table values('bill o'reilly')
>
>
> (and yes, I did try this too:
> $the_sql_command=addslashes($_POST['the_sql_command']);   )
>
>
> What am I missing?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
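
The behaviour discussed in this thread, as an added example that is not code from either poster: escape characters are consumed by the SQL parser, so the stored text is the original input whether the value is escaped into a literal or passed as a bound parameter. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite database, the `saved_queries` table and its `sql_text` column are hypothetical stand-ins for the poster's MySQL setup.

```php
<?php
// Added example, not code from the thread. Table and column names are
// hypothetical; in-memory SQLite stands in for the poster's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE saved_queries (id INTEGER PRIMARY KEY, sql_text TEXT NOT NULL)');

// Constructed sample input: the text typed into the textarea.
$the_sql_command = "insert into testing_table values('bill o'reilly')";

// 1) Escape and build the statement by hand. PDO::quote() applies the
//    driver's own escaping (SQLite doubles the quote; MySQL by default
//    uses a backslash, which is what addslashes() imitates).
$literal = $pdo->quote($the_sql_command);
$pdo->exec("INSERT INTO saved_queries (sql_text) VALUES ($literal)");

// 2) Bound parameter: the value travels apart from the statement text,
//    so quotes in the data need no escaping at all.
$stmt = $pdo->prepare('INSERT INTO saved_queries (sql_text) VALUES (:sql_text)');
$stmt->execute([':sql_text' => $the_sql_command]);

echo "literal sent to the parser: $literal\n";

// Compare what was stored against the original input for both rows.
foreach ($pdo->query('SELECT id, sql_text FROM saved_queries ORDER BY id') as $row) {
    printf(
        "row %d stored: %s (identical to input: %s)\n",
        $row['id'],
        $row['sql_text'],
        $row['sql_text'] === $the_sql_command ? 'yes' : 'no'
    );
}
```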
