On Monday 12 January 2004 13:25, Ryan A wrote: > > addslashes() _enables_ you to enter stuff which contains > >quotes into the DB properly, but the slashes are obviously not part of the > >data and hence not stored. > > * > but the whole sql statement is part of the data right? I mean I am saving > the whole > sql statement for later use into the db
In this case, yes, the whole sql statement is the data that is to be entered into the DB. But when you come to use the sql statement the data bit is "bill o'reilly" and that needs to have another addslashes() on it. Effectively, you want it looking like this when you first insert it: insert into testing_table values(\'bill o\\\'reilly\') > >To do want you want to do, you can try addslashes() on the data bit (ie: > > bill > > >o'reilly), then addslashes() again on the entire $the_sql_command. > > * > How do I do this? I have no idea how to separate the data bit easily. Furthermore it all depends on what kind of sql statements you will be accepting. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general ------------------------------------------ /* In defeat, unbeatable; in victory, unbearable. -- W. Churchill, on General Montgomery */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
