Posted by Taras_96 on 02/08/07 03:21

> Just use mysql_real_escape_string(). It's a mysql function which is
> made to escape the necessary characters. And it has the added advantage
> that it is sensitive to the character set sensitive, so if you ever use
> a non-latin1 charset the chars will be handled correctly.

I tried that in the experiment (and currently do it in all of my
production code). However, what I don't understand is why using no
escaping at all and mysql_real_escape_string yields the same results.

Also, I read on the manual that you need to set the character set by
using the function 24.2.3.61. mysql_set_character_set(). Is this
correct? Why doesn't SET NAMES just set the required variable as well?

>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstuck...@attglobal.net
> ==================

• Next in forum: Re: Reading a cookie
• Prev in forum: Re: Format of session id and $_SERVER['REMOTE_ADDR']
• Thread view: Re: PHP, mysql, and escaping characters

[Reply to this message]