Hey all,
I am curious how one accounts for all possible quirks that may result from
textual form inputs when inserting or updating the results into the database.
For instance, if a form has <input type="text"> and/or <textarea> inputs,
how do you treat the results of those inputs to safely insert them into the
database, to correct for 'single quotes, "double quotes, \slashes, etc etc
etc.
I tried using urlencode, which fixed some things, but didn't fix the
problems resulting from the quotes. I tried stripslashes, which didn't
seem to fix everything, either.
So, in other words, I have a form with some inputs, named perhaps text1 and
text2.
Then, when they submit the form, I want to insert or update that entry with
those values, like..
UPDATE tblStuff SET txtText1='".urlencode($text1)."',
txtText2='".urlencode($text2)."'";
or something like that..
Can anyone fill me in on what the proper string formatting function or
functions are to do this?
Thanks a lot!
-Mike Flynn
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
