The forums have permanently moved to forum.kirupa.com. This forum will be kept around in read-only mode for archival purposes. To learn how to continue using your existing account on the new forums, check out this thread.


Results 1 to 3 of 3

Thread: [php & mySQL] advice

  1. #1

    [php & mySQL] advice

    I have a script that inserts variables into a database something like:

    INSERT INTO `table_name` (`text1`,`text2`,`text3`,`text4`) VALUES ('$text1', '$text2', '$text3', '$text4')


    as you can see it puts the variables directly into the database, now if one of those variables has a ' in it it would mess up the the sql statement. How should I avoid this? I was thinking of using str_replace and replace ' with \' but that doesn't work. Any Ideas? I know there is a simple solution I just can't think of it right now.

    Thanks.

  2. #2
    after searching over at php.net I found htmlspecialchars I think that should work... lemme know if a better way exists.

    thanks.

  3. #3
    amitgeorge's Avatar
    646
    posts
    -1 posts per day. Huh ?
    you dont need to do anythjing ... php automatically does it for you.....

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Home About kirupa.com Meet the Moderators Advertise

 Link to Us

 Credits

Copyright 1999 - 2012