RE: [PHP] basic user/input form questions... more validation!

Posted by "bruce" on 10/21/78 11:27

one more question/issue...

the mysql_real_escape function escapes with a '\' which works for mysql, but isn't standard ansi... is there another function that does the same thing, but uses the ansi standard "'"? also, if there is another function, does it also work with mysql??

thanks

-bruce


-----Original Message-----
From: Jasper Bryant-Greene [mailto:jasper@bryant-greene.name]
Sent: Thursday, September 22, 2005 4:39 PM
To: php-general@lists.php.net
Subject: Re: [PHP] basic user/input form questions... more validation!


bruce wrote:
> not sure i agree with this one.. if i put "foo \' cat" in a db tbl...
> i expect that i'll get the same out... which is what some of the articles
> i've seen have stated.. are you telling me, and are you sure, that i'd get
> "foo ' cat" out instead!!????
>
> the articles i've seen imply that if you addslashes, you also need to
> stripslashes on the backend...

With all due respect, you are demonstrating a fundamental lack of
understanding of the principle of escaping anything...

The point of escaping the quote mark is so that it looks *exactly like a
quote mark* to MySQL, rather than like the delimiter for a string value.

MySQL treats the character sequence \' as ' when inside a string value.

When you SELECT the data at the other end, MySQL will not give you the
slashes, because the slashes are not stored in the database table.

If you do run stripslashes() on the output, you will lose data in some
situations. So don't.

Hope that made sense and helped...
--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
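The round trip discussed in this thread, as an added example that is not code from either poster: it escapes a value, reads the literal back the way MySQL's default mode would, and then shows what `stripslashes()` and quote doubling do to it. `model_mysql_parse()` is a hypothetical, simplified stand-in for the server's string-literal parser (it ignores the `\%` and `\_` special cases), and the sample values are constructed.

```php
<?php
// Added illustration, not code from the thread. model_mysql_parse() is a
// hypothetical, simplified model of how MySQL in its default sql_mode (without
// NO_BACKSLASH_ESCAPES) reads the body of a single-quoted string literal.
function model_mysql_parse(string $body): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $out = '';
    $len = strlen($body);
    for ($i = 0; $i < $len; $i++) {
        $c = $body[$i];
        if ($c === '\\' && $i + 1 < $len) {
            $n = $body[++$i];
            $out .= $map[$n] ?? $n;      // backslash escape: the backslash itself is dropped
        } elseif ($c === "'" && $i + 1 < $len && $body[$i + 1] === "'") {
            $out .= "'";                 // doubled quote stands for one quote
            $i++;
        } elseif ($c === "'") {
            throw new RuntimeException("bare quote at offset $i ends the literal early");
        } else {
            $out .= $c;
        }
    }
    return $out;
}

$value = "foo \\' cat";                  // constructed sample, the text: foo \' cat

// 1. Backslash escaping: the added backslashes are consumed by the parser,
//    so the stored value is compared against the original input.
$escaped = addslashes($value);
$stored  = model_mysql_parse($escaped);
var_dump($stored === $value);

// 2. stripslashes() on output removes a backslash that was real data.
var_dump(stripslashes($stored));

// 3. Quote doubling alone round-trips a value that contains no backslash ...
var_dump(model_mysql_parse(str_replace("'", "''", "it's")));

// ... but in default mode the value's own backslash is still read as an escape,
//     so doubling has to be paired with backslash handling or NO_BACKSLASH_ESCAPES.
try {
    model_mysql_parse(str_replace("'", "''", $value));
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
```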
