Posted by Lars Eighner on 10/16/07 17:36
In our last episode,
<1192552332.205530.150500@v29g2000prd.googlegroups.com>, the lovely and
talented redog6@hotmail.com broadcast on comp.lang.php:
> I could use either addslashes or mysql_real_escape_string but do I have
> to apply this to every field individually or is there a way to do it to
> all in one go? Any advice on the most suitable method and how to do it in
> one go would be greatly appreciated.
See the "best practice" example in the mysql_real_escape_string page of the
manual. Basically, you want to turn off magic quotes if you can, or test
for magic quotes and undo them if they are on in case you cannot turn them
off. You want to use mysql_real_escape_string, but only on stuff that is
going into a query and you want to use it as close to where you put the
query together as you can (mysql_real_escape_string will not work, or will
not work right unless you have established the db connection that you want
to use -- and if the link you want to use is not the one you most recently
established, you must specify the one you want to use).
--
Lars Eighner <http://larseighner.com/> <http://myspace.com/larseighner>
Countdown: 461 days to go.
What do you do when you're debranded?
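
An added example, not part of the post above or of the PHP manual: one way to follow that advice and handle all fields in one go, assuming the PHP 5 mysql extension the thread discusses. The table, column, database and credential names are constructed placeholders, and form fields are assumed to be flat strings.

```php
<?php
// Added example. guestbook, example_db and the credentials are constructed.

// Undo magic quotes when they cannot be turned off, so each value is
// escaped exactly once later on. Assumes flat (non-nested) form fields.
function raw_input_values(array $input)
{
    $input = array_filter($input, 'is_string');   // drop array-valued fields
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        return array_map('stripslashes', $input);
    }
    return $input;
}

// Escape and quote every value in one pass, against the link the query
// will actually run on (passed explicitly, not "most recent connection").
function quote_values(array $values, $link)
{
    $quoted = array();
    foreach ($values as $column => $value) {
        $quoted[$column] = "'" . mysql_real_escape_string($value, $link) . "'";
    }
    return $quoted;
}

// The connection must exist before anything is escaped.
$link = mysql_connect('localhost', 'example_user', 'example_password');
if (!$link || !mysql_select_db('example_db', $link)) {
    error_log('Database connection failed: ' . mysql_error());
    exit(1);
}

// Column names are never taken from the request: only whitelisted keys survive.
$allowed = array('name', 'email', 'comment');
$fields  = array_intersect_key(raw_input_values($_POST), array_flip($allowed));
if (count($fields) === 0) {
    exit(0);   // nothing to insert
}

// Escaping happens here, right where the query is put together.
$quoted = quote_values($fields, $link);
$sql = 'INSERT INTO guestbook (' . implode(', ', array_keys($quoted)) . ')'
     . ' VALUES (' . implode(', ', $quoted) . ')';

if (!mysql_query($sql, $link)) {
    error_log('Insert failed: ' . mysql_error($link));
    exit(1);
}
```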