|
|
Posted by fiziwig on 03/12/06 09:16
I had the same problem with putting author names in a MySQL database
when I got the name O'Henry. I found this in Ullman's book "PHP and
MySQL": It fixed my problem right up. BTW: This is my first MySQL
project so I'm just a beginner. Take my advice with a large grain of
salt. That said, it does work.
In main code
....
$dbc = mysql_connect( ...etc...);
....
$questionable_data=$_POST['some_form_data'];
$good_data = escape_data( $questionable_data );
....
....defined elsewhere...
function escape_data ($data) {
// address Magic Quotes
if (ini_get('magic_quotes_gpc')) {
$data = stripslashes($data);
}
// Check for mysql_real_escape_string() support
if (function_exists('mysql_real_escape_string')) {
global $dbc;
$data = mysql_real_escape_string(trim($data), $dbc);
} else {
$data = mysql_escape_string(trim($data));
}
return $data
} // end escape_data function
--gary shannon
Navigation:
[Reply to this message]
|