Reply to Re: PHP MySQL insert — PHP — IT news, forums, messages

Posted by Ben Ramsey on 10/20/90 11:24

Dan Baker wrote:
> You are looking for the "addslashes" function. It prepares data for
> database querys:

Better yet, don't use addslashes(). Use the escaping function that is
specific to the database you're using. In this case, it's
mysql_real_escape_string(). This is much better than using addslashes()
because it takes into account the current character set of the database
connection.

http://www.php.net/mysql_real_escape_string

> Also, you will need to use the "removeslashes" function when you get data
> from a query.

If you properly store data to a database, you should never have to use
the stripslashes() function. Using stripslashes() will remove slashes
that were intended to be in the output. Hint: turn off magic_quotes_gpc.

--
Ben Ramsey
http://benramsey.com/

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация