-> rentAweek,
rL> In my PHP script I have coded e.g.:
rL> $sql = "INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES (
rL> '$firstname' , '$lastname' )";
rL> $result = mysql_query($sql);
rL> So along comes e.g. John O'Groats and nothing gets inserted into the
rL> database.
rL> OK, I can
OK, I can bypass my oversight by stripping out apostophes from the
variable values. There has to be a better way please.
Turn on Magic Quotes GPC or use the addslashes() function. Or, if you
want to be more precise and MySQL-specific, use the
mysql_escape_string() or mysql_real_escape_string() f
and , you need to escape the values that you are inputing
ie. htmlspecialchars() or htmlentities() those values
Jim
- Original Message -
From: "rentAweek Ltd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 22, 2003 9:50 AM
Subject: [PHP] Separat
On Sat, 22 Mar 2003 17:50:30 +, you wrote:
>OK, I can bypass my oversight by stripping out apostophes from the
>variable values. There has to be a better way please.
http://www.php.net/manual/en/function.mysql-escape-string.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscr
you must remove the backticks.
Jim
- Original Message -
From: "rentAweek Ltd" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 22, 2003 9:50 AM
Subject: [PHP] Separators in variable values causing MySQL commands to fail
> In my PHP script I h
In my PHP script I have coded e.g.:
$sql = "INSERT INTO `$owners` ( `FirstName`, `LastName`) VALUES (
'$firstname' , '$lastname' )";
$result = mysql_query($sql);
So along comes e.g. John O'Groats and nothing gets inserted into the
database.
OK, I can bypass my oversight by stripping out apost
6 matches
Mail list logo
