Posted by R. Rajesh Jeba Anbiah on 01/19/08 17:51

On Jan 18, 9:05 pm, Sebastian Lisken <Sebastian.Lis...@Uni-Bielefeld-
deletethis.de> wrote:
> Thanks a lot for your response. I have a few questions/remarks ...
>
> R. Rajesh Jeba Anbiah <ng4rrjanb...@rediffmail.com> wrote:
>
> > 1. mysql_real_escape_string() is again broken. Use prepare statements
>
> That sounds like something I should look into. Could you explain or
> point to some source on the web? I'd want to know in what sense it is
> broken, and although I glanced over PREPARE in the MySQL manual I can't
> yet see how that would resolve things. PREPARE seems to be SQL (unless
> you are referring tohttp://www.php.net/pdo-prepare) so I would still
> be wondering how to get my string from PHP over to SQL.

See http://ilia.ws/archives/103-mysql_real_escape_string-versus-Prepared-Statements.html
<snip>

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

[Back to original message]