Posted by Richard Lynch on 04/09/05 05:34
On Fri, April 8, 2005 3:43 pm, list_php_general@controlaircorp.com said:
> I am looking for help handling a form input to SQL. I believe the solution
> has to do with regular expressions.
> My big problem is that when a user submits data such as:
>
> Joe's Crabshack
>
> The ' apostrophe or " can cause an early truncation of the data. My code
> thinks that the closing identifier is after the word Joe and the rest of
> the input is lost. Further, if the data does get by, it could possibly
> break a SQL statement.
>
> Am I right in thinking the solution in this matter is using regular
> expressions? If so, where is a good resource to polish my skills?
You would be far better off using the built-in mysql_escape_string (recent
PHP versions) or http://php.net/addslashes
You might want to try to use Regex as an exercise, but this ain't the
place for it on a real site.
--
Like Music?
http://l-i-e.com/artists.htm
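
Added example, not part of the original post: the apostrophe problem from the question reproduced in PHP, first breaking a concatenated SQL statement, then handled with `addslashes()` as named in the reply, a bound parameter, and `htmlspecialchars()` for redisplaying the value in a form. Assumptions: an in-memory SQLite database through PDO stands in for the poster's database, the `places` table and `place` field are hypothetical names, and PDO bound parameters are a swapped-in alternative to the escaping functions the reply mentions (`mysql_escape_string` was removed in PHP 7.0).

```php
<?php
// Constructed sample input, taken from the question.
$name = "Joe's Crabshack";

// Assumption: in-memory SQLite via PDO stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE places (name TEXT)');   // hypothetical table

// 1. Unescaped concatenation: the apostrophe ends the string literal after
//    "Joe", so the rest of the input is parsed as SQL and the statement fails.
$broken = "INSERT INTO places (name) VALUES ('$name')";
try {
    $db->exec($broken);
} catch (PDOException $e) {
    echo "Broken query: $broken\n";
    echo "  error: ", $e->getMessage(), "\n";
}

// 2. addslashes(), as suggested in the reply: puts a backslash before
//    ' " \ and NUL so the value can sit inside a MySQL-style quoted literal.
//    (SQLite does not use backslash escapes, so this is only displayed here.)
echo "addslashes(): ", addslashes($name), "\n";

// 3. Bound parameter: the value is sent separately from the SQL text,
//    so no quote character in it can terminate the literal.
$stmt = $db->prepare('INSERT INTO places (name) VALUES (:name)');
$stmt->execute([':name' => $name]);
$stored = $db->query('SELECT name FROM places')->fetchColumn();
echo "Stored value: $stored\n";

// 4. Redisplaying the value in a form: an unencoded quote would end the
//    HTML attribute early, which is the "early truncation" in the question.
$field = '<input type="text" name="place" value="'
       . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '">';
echo $field, "\n";
```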