Reply to Re: A query from $_POST using foreach

Your name:

Reply:


Posted by Michael Fesser on 11/15/06 18:52

..oO(Steve)

>"Christoph Burschka" <christoph.burschka@rwth-aachen.de> wrote in message
>news:4rtdltFsphjiU1@mid.dfncis.de...
>
>sure, if you want to piss off or otherwise confuse users...by all means,
>make assumptions about what they want to store! the correct answer here is
>to ENCAPSULATE single quotes, NOT to remove them outright!!!

ACK

That's what mysql_real_escape_string() is for.

Of course even better would be to use the PDO extension (if available)
and prepared statements.

Micha

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация