Ryan A wrote:
> ...
> mysql_escape_string does look interesting but that's
> again putting the strain in the script which I am

wtf? that is just plain silly. btw if you read the following manual page:

http://php.net/mysql_escape_string

it will tell you that that func is deprecated - and that there is a better alternative: mysql_real_escape_string()

> trying to avoid, may have to do it in the end though.
>
>> .... I guess you have wait till some DW guru in this
> mailing list.

changing " to ' in any given input and/or making that a requirement of your input routine is a brittle 'solution' - in short it sucks. what happens when freak/code/user X tries stuffing in a " regardless of what you have preached/documented/'hoped no-one would do'?

you need a routine that *properly* escapes your data before you insert it into the database.

>
>> Good luck.
>
> Yep, am waiting here and from some forums, hopefully
> someone will give me a break on this.

which limb? and why the masochism?

> Thanks for the well wishes.
>

as opposed to wishing wells.