|
|
Posted by Jerry Stuckle on 03/16/07 12:57
peter wrote:
>> That would give a PHP syntax error. He's getting a MySQL error.
>
> If for example in the php code he has the following:-
>
> $sql = "insert into canton ( big5, thekey, changjei, canton, touched )
> values ('\','BAY ','MGPP ','PEI ',0)"
>
> then no it will not create a php parse error it will have an sql error like
> he has as \' is an escaped single quotation mark thus the closing quotation
> mark is the 1 directly before BAY
>
>
That's true if the entire string is includes in double quotes. But that
isn't at all clear in the original statement. But you're probably right.
One fact remains - mysql_real_escape_string should be taking care of this.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|