> From: Brad Bonkoski [mailto:bbonkoski@xxxxxxxxxxxxxx]
> Sent: Fri 26/05/2006 15:41
>
> A lot has been said recently about the dangers of the family of
> magic_quotes...
> I understand the dangers.
> The question is, for those of us using a database that does not have a
> *real_escape_string function...Oracle for example.
> What is the *best* way to escape quotes for DB insertion?

Well, since Oracle escapes single-quotes with another single quote, on the few occasions when I actually have to escape I generally just run:

    $safe_str = str_replace("'", "''", $str);

---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Headingley Campus, LEEDS, LS6 3QS, United Kingdom
Email: m.ford@xxxxxxxxxxxxxx
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211

To view the terms under which this email is distributed, please go to http://disclaimer.leedsmet.ac.uk/email.htm
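
The quote-doubling in the reply above, as an added example that is not part of the original message: it wraps the escaped value in an Oracle string literal and reads it back with a small literal reader to confirm the value round-trips and nothing is left over as SQL text. The function names and sample strings are constructed for illustration; the doubling only protects a value that is placed inside a single-quoted literal.

```php
<?php
// Added example, not from the original post. Function names are hypothetical.

// Double every single quote, as in the reply above, and wrap the result
// in quotes so it forms one Oracle string literal.
function oracle_quote_literal(string $str): string
{
    return "'" . str_replace("'", "''", $str) . "'";
}

// Read one Oracle single-quoted literal from the start of $sql.
// Returns [decoded value, remaining text], or null if $sql does not
// start with a properly terminated literal.
function read_oracle_literal(string $sql): ?array
{
    if ($sql === '' || $sql[0] !== "'") {
        return null;
    }
    $value = '';
    $len = strlen($sql);
    for ($i = 1; $i < $len; $i++) {
        if ($sql[$i] !== "'") {
            $value .= $sql[$i];
        } elseif ($i + 1 < $len && $sql[$i + 1] === "'") {
            $value .= "'";   // '' inside a literal is one quote character
            $i++;
        } else {
            return [$value, substr($sql, $i + 1)];  // closing quote
        }
    }
    return null;  // ran off the end: unterminated literal
}

// Constructed sample inputs.
$samples = ["O'Reilly", "it's 'quoted'", "trailing'", "''", "no quotes"];

foreach ($samples as $str) {
    $literal = oracle_quote_literal($str);
    $parsed  = read_oracle_literal($literal);
    $ok = $parsed !== null && $parsed[0] === $str && $parsed[1] === '';
    printf("%-16s -> %-22s %s\n", $str, $literal, $ok ? 'round-trips' : 'BROKEN');
}

// Without doubling, the first embedded quote ends the literal early and
// the rest of the value spills into the SQL statement text.
[$value, $rest] = read_oracle_literal("'" . "O'Reilly" . "'");
printf("unescaped: value=%s, left over as SQL text=%s\n", $value, $rest);
```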