Re: A query from $_POST using foreach — All PHP

You are here: Re: A query from $_POST using foreach « All PHP « IT news, forums, messages

Posted by Michael Fesser on 11/15/06 18:52

..oO(Steve)

>"Christoph Burschka" <christoph.burschka@rwth-aachen.de> wrote in message
>news:4rtdltFsphjiU1@mid.dfncis.de...
>
>sure, if you want to piss off or otherwise confuse users...by all means,
>make assumptions about what they want to store! the correct answer here is
>to ENCAPSULATE single quotes, NOT to remove them outright!!!

ACK

That's what mysql_real_escape_string() is for.

Of course even better would be to use the PDO extension (if available)
and prepared statements.

Micha

Navigation:

Next in forum: sidestepping missing functions
Prev in forum: Re: Passing a variable between pages or scripts
Thread view: Re: A query from $_POST using foreach

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация