On Mon, 22 May 2006, John Nichel wrote:

> Brad Bonkoski wrote:
> > Looks good to me, just make sure you use:
> > http://www.php.net/manual/en/function.stripslashes.php
> > if you have to dump that information back to the users.
> > (you might want to check out: addslashes() to add the slashes before your
> > DB insert, just to keep those things under your command)
> > -Brad
>
> No, no, no. Bad coder.

I was about to say the same! ;-)

> Always, always, always...
>
> mysql_real_escape_string()

The best way is to use PEAR::DB and work with quoteSmart() :-D

--
21:50:04 up 2 days, 9:07, 0 users, load average: 0.92, 0.37, 0.18
---------------------------------------------------------
Lic. Martín Marqués   |   SELECT 'mmarques' ||
Centro de Telemática  |       '@' || 'unl.edu.ar';
Universidad Nacional  |   DBA, Programmer,
del Litoral           |   Administrator
---------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)