Re: mysql_real_escape_string

Posted by Good Man on 02/23/07 23:02

MattMika <mattmika@hotmail.com> wrote in
news:t9out25kee9hgnn14r965n7nrcff37pqdq@4ax.com:


> When I execute an insert of $_POST["description"]; with the value
> O'Reilly
>
> - without mysql_real_escape_string() I get a SQL syntax error near the
> single quote.
>
> - with mysql_real_escape_string() the field is written as O'Reilly in
> the db field.
>
> I was under the impression that escaped strings would be written to
> the DB like O/'Reilly, but it's not.

Hi

It's working as it should. It's escaping the single quote because as
you noted in your first point, it causes a syntax error because MySQL
interprets it as part of a command/instruction to the database.

The escape slash is there strictly for MySQL to recognize the single
quote as a part of the data you are inserting, not as part of the
command you are sending to MySQL.

You really wouldn't want "O/'Reilly" as a name in your database table if
the person's real name is "O'Reilly", would you? Then you would have to
call stripslashes(); when calling *all* your data!!!! And that would
certainly mess things up if a value in your table was "Sleater/Kinney".

As an aside, just note that if you call mysql_real_escape_string
directly on an array, it will mess up your array; use it on the VALUES
in the array as opposed to the array itself.
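
The behaviour discussed in this thread, as an added example that is not part of the original post: the escape characters exist only in the SQL text, the stored value is the original string, and escaping is applied to each value of an array. Assumptions: mysql_real_escape_string() was removed in PHP 7.0, so PDO::quote() stands in for it, and an in-memory SQLite database stands in for MySQL so the script runs without a server (SQLite escapes a quote by doubling it where MySQL uses a backslash); the table name and the sample input are constructed.

```php
<?php
// Added example: PDO with in-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (description TEXT)');   // hypothetical table

// Constructed sample input standing in for $_POST.
$post = ['description' => "O'Reilly", 'band' => 'Sleater/Kinney'];

// 1. Unescaped: the quote ends the string literal early and the parser rejects it.
try {
    $pdo->exec("INSERT INTO items (description) VALUES ('" . $post['description'] . "')");
} catch (PDOException $e) {
    echo "unescaped insert failed: ", $e->getMessage(), "\n";
}

// 2. Escape each VALUE of the array, not the array itself.
//    quote() escapes the string and also adds the surrounding quotes.
$quoted = array_map(fn($v) => $pdo->quote($v), $post);
echo "literal sent to the parser: ", $quoted['description'], "\n";
$pdo->exec("INSERT INTO items (description) VALUES ({$quoted['description']})");
$pdo->exec("INSERT INTO items (description) VALUES ({$quoted['band']})");

// 3. Prepared statement: the value is bound separately from the SQL text,
//    so no escaping step is needed.
$stmt = $pdo->prepare('INSERT INTO items (description) VALUES (?)');
$stmt->execute([$post['description']]);

// The escaping never reaches the table: the stored data equals the original input.
$rows = $pdo->query('SELECT description FROM items ORDER BY rowid')
            ->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === ["O'Reilly", 'Sleater/Kinney', "O'Reilly"]);
```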
