lots of ways to handle this
use HTMLentities($string) to convert the apostrophes
use addslashes($string) to escape them
use mysql_real_escape_string($string) to escape them
the last is my preferred method
bastien> Date: Thu, 3 Jan 2008 13:22:09 -0600> From: [EMAIL PROTECTED]> To:
php-gene
On Thu, January 3, 2008 1:22 pm, Adam Williams wrote:
> In my form, I am parsing all the text inputs through
> mysql_real_escape_string() before inserting the data. however, when I
> look at the SQL query in PHP, when I type the word blah's to my text
> box
> variable, and then insert it into mysq
Adam Williams wrote:
> In my form, I am parsing all the text inputs through
> mysql_real_escape_string() before inserting the data. however, when I
> look at the SQL query in PHP, when I type the word blah's to my text box
> variable, and then insert it into mysql after being ran through
> mysql_r
> when I type the word blah's to my text box
> variable, and then insert it into mysql after being ran through
> mysql_real_escape_string(), it does:
>
> insert into contract (contract_id, responsibility) VALUES (15, 'blah\\\'s')
It looks like magic quotes is turned on. Take a look at
http://us2.p
On 1/3/08, Adam Williams <[EMAIL PROTECTED]> wrote:
>
> In my form, I am parsing all the text inputs through
> mysql_real_escape_string() before inserting the data. however, when I
> look at the SQL query in PHP, when I type the word blah's to my text box
> variable, and then insert it into mysql
5 matches
Mail list logo
