Brad Bonkoski wrote:
All...
A lot has been said recently about the dangers of the family of
magic_quotes...
I understand the dangers.
The question is, for those of us using a database that does not have a
*real_escape_string function...Oracle for example.
What is the *best* way to escape quotes for DB insertion?
It seems that addslashes gets a lot of flack, but is there any
other/better way?
if this is about escaping single quotes (and there maybe other stuff that needs
escaping - stuff I can't think of right now - stuff that may or may not be related
to the encoding one is using [e.g. unicode]) then one should be escaping single quotes
with single quotes:
UPDATE blatable SET blafield = 'my ''blablabla''';
which all decent/recent DBMS' support IIRC.
-Brad
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
