|
|
Posted by Rik Wasmus on 10/17/07 11:44
On Tue, 16 Oct 2007 19:01:47 +0200, Good Man <heyho@letsgo.com> wrote:
> "Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in
> news:op.t0autvy75bnjuv@metallium.lan:
>
>> On Tue, 16 Oct 2007 18:32:12 +0200, <redog6@hotmail.com> wrote:
>>
>>> Hi
>>> I have a webform with many free text fields and have a problem with
>>> apostrophes and single quotes as this breaks the mysql query string.
>>>
>>> I obviously need to escape these characters - magic_quotes_gpc sounds
>>> ideal but is not an option as I don't have access to the php.ini file
>>> and it is currently set to 0.
>>>
>>> I could use either addslashes or mysql_real_espcape_string but do I
>>> have to apply this to every field individually or is there a way to do
>>> it to all in one go?
>>> Any advice on the most suitable method and how to do it in one go
>>> would be greatly appreciated.
>>
>>
>> http://www.php.net/array_map is your friend.
>
> just make sure not to apply it to form variables which are arrays!
Indeed, Good Practise would to be leave those arrays always 'as is' and
intact (hence magic_guotes are evil), and just copy the data you need from
it.
--
Rik Wasmus
Navigation:
[Reply to this message]
|