---------- Forwarded message ---------- From: GH <garyhotko@xxxxxxxxx> Date: Tue, 16 Nov 2004 08:45:08 -0500 Subject: Re: Automatically Escape? To: Jordi Canals <jcanals@xxxxxxxxx>
What is the Diffrencce between mysql_escape_string and mysql_real_escape_string?
the *_real_* one takes into account charset of the current connection, as mentioned in the manual
On Tue, 16 Nov 2004 14:34:43 +0100, Jordi Canals <jcanals@xxxxxxxxx> wrote:
On Tue, 16 Nov 2004 12:33:15 +0000, Richard Davey <rich@xxxxxxxxxxxxxxxx> wrote:
G> Is there a function that can automatically escape special characters G> before putting them into mySQL?
See magic_quotes to have it done for you. Although this isn't a recommend approach if you plan to distribute your application, in which case mysql_escape_string() is the one.
Just a comment :
Note: This function (mysql_escape_string) has been deprecated since PHP 4.3.0. Do not use this function. Use mysql_real_escape_string() instead.
So, if you're coding new scripts is better to use mysql_real_escape_string().
Best regards, Jordi.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
