Shaun wrote:
> function db_query($query) {
> if(!magic_quotes_gpc()){
> $qid = mysql_query(addslashes($query));
> } else {
> $qid = mysql_query($query);
> }
> return $qid;
> }
>
> But this adds too many slashes! Has anyone come to a better solution
> regarding this?
I believe you should be performing this on each data item individually,
not the entire SQL statement. I presume it's escaping the quotes you're
using to quote the strings in your SQL.
Anyone know of a better was of doing this? We have to run our code on a
variety of public servers, some with magic quotes and some more
enlightened servers without. Might be nice to have a mq_addslashes
function.
Or I could write one myself of course...
Tim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
