7;";
>
> mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
> '%s')", $_POST['formvalue']));
>
> Something that we are missing out here?
>
>
> -Original Message-
> From: Richard Lynch [mailto:[EMAIL PROTECTED]
&
On Monday 07 August 2006 19:39, Peter Lauri wrote:
> [snip]My guess: magic_quotes_gpc is enabled where you're running the
> script. Therefore slashes are already present in the data from the form
> post.[/snip]
>
> Should I turn it off? Adding slashes and mysql_real_escape_string is not
> exactly t
[snip]My guess: magic_quotes_gpc is enabled where you're running the script.
Therefore slashes are already present in the data from the form post.[/snip]
Should I turn it off? Adding slashes and mysql_real_escape_string is not
exactly the same thing, correct?
/Peter
--
PHP General Mailing List
ing that we are missing out here?
My guess: magic_quotes_gpc is enabled where you're running the script.
Therefore slashes are already present in the data from the form post.
-Original Message-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 5:54 AM
To: P
essage-
From: Richard Lynch [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 08, 2006 5:54 AM
To: Peter Lauri
Cc: php-general@lists.php.net
Subject: Re: [PHP] Mixing sprintf and mysql_real_escape_string
On Mon, August 7, 2006 12:35 pm, Peter Lauri wrote:
> I get strange output if I combine sprin
On Mon, August 7, 2006 12:35 pm, Peter Lauri wrote:
> I get strange output if I combine sprintf and
> mysql_real_escape_string. If I
> do this the resulting into the database is \' not ' as I want.
>
> mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1,
> '%s')",
> mysql_real_escape_
Hi,
I get strange output if I combine sprintf and mysql_real_escape_string. If I
do this the resulting into the database is \' not ' as I want.
mysql_query(sprintf("INSERT INTO table (value1, value2) VALUES (1, '%s')",
mysql_real_escape_string(" ' ")));
Should this be like this? Do the sprintf a
7 matches
Mail list logo
