|
Posted by Ben Ramsey on 10/19/90 11:24
Dan Baker wrote:
> You are looking for the "addslashes" function. It prepares data for
> database querys:
Better yet, don't use addslashes(). Use the escaping function that is
specific to the database you're using. In this case, it's
mysql_real_escape_string(). This is much better than using addslashes()
because it takes into account the current character set of the database
connection.
http://www.php.net/mysql_real_escape_string
> Also, you will need to use the "removeslashes" function when you get data
> from a query.
If you properly store data to a database, you should never have to use
the stripslashes() function. Using stripslashes() will remove slashes
that were intended to be in the output. Hint: turn off magic_quotes_gpc.
--
Ben Ramsey
http://benramsey.com/
Navigation:
[Reply to this message]
|