Reply to Re: A query from $_POST using foreach


Posted by Christoph Burschka on 11/20/06 17:13

Michael Fesser wrote:
> .oO(Steve)
>
>> "Christoph Burschka" <christoph.burschka@rwth-aachen.de> wrote in message
>> news:4rtdltFsphjiU1@mid.dfncis.de...
>>
>> sure, if you want to piss off or otherwise confuse users...by all means,
>> make assumptions about what they want to store! the correct answer here is
>> to ENCAPSULATE single quotes, NOT to remove them outright!!!
>
> ACK
>
> That's what mysql_real_escape_string() is for.
>
> Of course even better would be to use the PDO extension (if available)
> and prepared statements.
>
> Micha

Thanks - I didn't know that function yet. I haven't got the hang of
encapsulating so I often just take the easy way out and remove them entirely.
Indeed, that does cause problems when the data contains single quotes too.

--
Christoph Burschka
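
The prepared-statement approach suggested in the quoted reply, as an added example that is not part of the original thread: form fields are walked with `foreach`, column names come from an allowlist, and values are bound rather than escaped or stripped. The table `contacts`, its fields, and the helper `insertFromPost()` are hypothetical, and an in-memory SQLite database stands in for MySQL (assumes `pdo_sqlite` is available) so the script runs offline.

```php
<?php
/**
 * Insert allowlisted form fields with a PDO prepared statement.
 * $table and $allowed are fixed strings from code, never user input.
 */
function insertFromPost(PDO $pdo, string $table, array $allowed, array $post): int
{
    $cols = [];
    $params = [];
    foreach ($allowed as $field) {
        // Identifiers cannot be bound, so only known column names reach the SQL text.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            continue; // skip missing fields and array-valued input
        }
        $cols[] = $field;
        $params[':' . $field] = $post[$field];
    }
    if ($cols === []) {
        throw new InvalidArgumentException('no recognised fields submitted');
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $cols),
        implode(', ', array_keys($params))
    );
    $pdo->prepare($sql)->execute($params); // values travel separately from the SQL
    return (int) $pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');

// Constructed stand-in for $_POST: single quotes in the data plus an unexpected key.
$post = [
    'name'              => "Miles O'Brien",
    'comment'           => "it's the 'easy way out' that loses data",
    'unexpected_column' => 'ignored: not in the allowlist',
];

$id = insertFromPost($pdo, 'contacts', ['name', 'comment'], $post);

$stmt = $pdo->prepare('SELECT name, comment FROM contacts WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Compare what was stored with what was submitted, quotes included.
var_dump($row['name'] === $post['name'], $row['comment'] === $post['comment']);
```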
