* Gh <garyhotko@xxxxxxxxx>:
> Is there a function that can automatically escape special characters
> before putting them into mySQL?
Use PEAR's DB or MDB2 libraries with prepared statements and
placeholders:
$sql = "INSERT INTO someTable(value1, value2) VALUES(?, ?)";
$ins = $db->query($sql, array($value1, $value2));
--
Matthew Weier O'Phinney | mailto:matthew@xxxxxxxxxx
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
