 Posted by Christoph Burschka on 11/20/06 17:13 
Michael Fesser wrote: 
> .oO(Steve) 
>  
>> "Christoph Burschka" <christoph.burschka@rwth-aachen.de> wrote in message  
>> news:4rtdltFsphjiU1@mid.dfncis.de... 
>> 
>> sure, if you want to piss off or otherwise confuse users...by all means,  
>> make assumptions about what they want to store! the correct answer here is  
>> to ENCAPSULATE single quotes, NOT to remove them outright!!!  
>  
> ACK 
>  
> That's what mysql_real_escape_string() is for. 
>  
> Of course even better would be to use the PDO extension (if available) 
> and prepared statements. 
>  
> Micha 
 
Thanks - I didn't know that function yet. I haven't got the hang of 
encapsulating so I often just take the easy way out and remove them entirely. 
Indeed, that does cause problems when the data contains single quotes too. 
 
--  
Christoph Burschka
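
The three approaches discussed in this thread (removing quotes, escaping them, and using a PDO prepared statement), shown side by side as an added example that is not part of the original posts. It assumes the pdo_sqlite driver so it runs against an in-memory database; the `guestbook` table and the sample values are made up for illustration.

```php
<?php
// Added example, not from the thread. Assumes pdo_sqlite is available.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, author TEXT)');

// Constructed sample input containing legitimate single quotes.
$samples = ["O'Brien", "Rock 'n' Roll", "it's 5 o'clock"];

// Approach 1: remove the quotes. The SQL stays valid, but the data is changed.
function strip_quotes(string $s): string
{
    return str_replace("'", '', $s);
}

// Approach 2: escape ("encapsulate") the quotes for use in a string literal.
// PDO::quote() is the PDO counterpart of mysql_real_escape_string(); it also
// adds the surrounding quotes, so the result is spliced into the SQL as-is.
function insert_escaped(PDO $pdo, string $author): void
{
    $pdo->exec('INSERT INTO guestbook (author) VALUES (' . $pdo->quote($author) . ')');
}

// Approach 3: prepared statement. The value is bound as a parameter and never
// becomes part of the SQL text, so no escaping step can be forgotten.
function insert_prepared(PDO $pdo, string $author): void
{
    $stmt = $pdo->prepare('INSERT INTO guestbook (author) VALUES (:author)');
    $stmt->execute([':author' => $author]);
}

foreach ($samples as $author) {
    insert_escaped($pdo, $author);
    insert_prepared($pdo, $author);
    printf("input:    %s\nstripped: %s\nquoted:   %s\n\n",
        $author, strip_quotes($author), $pdo->quote($author));
}

// Both escaped and prepared inserts store the value unchanged.
$check = $pdo->prepare('SELECT COUNT(*) FROM guestbook WHERE author = :author');
foreach ($samples as $author) {
    $check->execute([':author' => $author]);
    printf("%-16s stored intact %d time(s)\n", $author, $check->fetchColumn());
}
```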
 
  