[snip] I'm going to be inserting data from a PHP form into a mysql field. The data could contain special characters like < > ' " \ /, etc. How do I handle that? just $data = addslashes(htmlspecialchars($data)); before the insert query? because later on the data will be read back from the mysql db and I don't want it to contain a special character that would break the PHP script. [/snip]
I would use http://us3.php.net/mysql_real_escape_string -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
