Posted by Sanders Kaufman on 08/09/07 21:55

ZeldorBlat wrote:
> On Aug 9, 6:42 am, Sanders Kaufman <bu...@kaufman.net> wrote:
>> I just found out that an app I wrote doesn't allow the user to input
>> apostrophes into the textarea. If they do, the insert/update fails.
>>
>> I'm sure this issue has been done to death - but it's the first time
>> it's come up for me.
>>
>> What I'm doing is something like this:
>>
>> function UpdateRecord($iID, $sContent) {
>> $sSQL = "UPDATE MyTable SET content='$sContent' where id=$iID";
>> $bSuccess = RunSQL($sSQL);
>> return $bSuccess;
>>
>> }
>>
>> Is there a simple escape command, or am I going to have to get all into
>> writing some complex handler for apostrophes and whatnot.
>
> Yes. But you haven't said which database you're using. If you're
> using MySQL you want mysql_real_escape_string().

Thanks - I'll look into that and addslashes.
BTW - did you notice the subject line of this post? :)

• Next in forum: Re: Escaping for PHP and MySQL
• Prev in forum: Re: correctly getting utf8 characters in the content of an e-mail
• Thread view: Re: Escaping for PHP and MySQL

[Reply to this message]