From: "Nirnimesh" <[EMAIL PROTECTED]>
> How do I replace all ' with \' in php so that I'm able to use the mysql
> queries. Note that simply using: preg_replace("/'/", "\'", -1) is not what
> I'm looking for, for this does not help me. Let's say I take the address
> from a form and want to enter it into the database as it is. Now, if the
> user enters "'" the above preg_replace will work but if the user himself
> enters "\'" , during replacing, the '\' introduced is nulled by the effect
> of the preceeding back-slash, and the mysql query becomes somthing like:
> mysq_insert ("insert into students (id, address) values (3, '\\'')");
>
> How do I get around this problem? Is there any function which helps
> to insert everything into the mysql database as it is (does
auto-escaping).
Have you looked at the functions in the MySQL chapter?
http://us2.php.net/manual/en/function.mysql-real-escape-string.php
or just addslashes().
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
