On 12/1/06, Johannes Lindenbaum <johannes@xxxxxxxxxxxxxx> wrote:
> Eric Butera wrote:
> >
> > You almost have it. What you need to do is if magic quotes is on,
> > then stripslashes and apply mysql_real_escape_string. If magic quotes
> > is off only apply mysql_real_escape_string since php didn't escape
> > values for you.
> >
> > Also in your mysql_real_escape_string I would suggest adding the
> > second parameter to your connection.
> >
>
> Isn't that what I have?
> Quote:
> So I modified a little:
>
> public function smartQuote( $string )
> {
>     if( get_magic_quotes_gpc() == 1 ) {
>         return mysql_real_escape_string(stripslashes($string));
>     }
>     else {
>         return mysql_real_escape_string($string);
>     }
> }
>
> If the MQ runtime is on / 1, stripslashes from string then apply
> mysql_real_escape_string?
>
> [ So the documentation is wrong?
> http://ca.php.net/manual/en/function.mysql-real-escape-string.php
> - Example 3. A "Best Practice" query ]
>
> I will add the MySQL link identifier - cheers!
>
> Thanks again for the help.
> Regards,
> Johannes
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

Blah, sorry, I saw your second example, not your final code.

Some scripts I use have different database connections and because of that it is very important to always make sure I am using the correct link identifier.

The PHP best practice example checks the string to see if it is a number. If it is, there technically isn't any reason to escape because there won't be any quotes.

Just out of curiosity, how exactly are you going to put the link identifier in your method since it is static?
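
The double-escaping problem that the stripslashes() step discussed in this thread avoids, as an added example that is not part of either message. `simulate_magic_quotes`, `fake_real_escape`, `smart_quote` and `stored_value` are hypothetical stand-ins so the script runs on current PHP without magic_quotes_gpc, ext/mysql or a database.

```php
<?php
// Added illustration, not code from the thread.

// Stand-in for what magic_quotes_gpc did to GET/POST/COOKIE input: addslashes().
function simulate_magic_quotes(string $raw): string
{
    return addslashes($raw);
}

// Hypothetical stand-in for mysql_real_escape_string(): backslash-escapes the
// same characters (NUL, \n, \r, \, ', ", Ctrl-Z). The real function also uses
// the connection's character set, which is why the link identifier matters.
function fake_real_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'"  => "\\'", '"'  => '\\"', "\x1a" => '\\Z',
    ]);
}

// Same logic as smartQuote() in the thread, with the magic-quotes state
// passed in as a parameter instead of read from get_magic_quotes_gpc().
function smart_quote(string $value, bool $magicQuotesOn): string
{
    if ($magicQuotesOn) {
        $value = stripslashes($value);   // undo PHP's automatic escaping first
    }
    return fake_real_escape($value);
}

// Value the database ends up holding once it parses the escaped literal.
// stripslashes() is a sufficient model here because the constructed sample
// contains only quote and backslash escapes.
function stored_value(string $escapedLiteral): string
{
    return stripslashes($escapedLiteral);
}

$typed   = "O'Reilly";                     // constructed sample input
$request = simulate_magic_quotes($typed);  // what the script sees with MQ on

$naive = stored_value(fake_real_escape($request));   // escaped twice
$smart = stored_value(smart_quote($request, true));  // stripslashes, then escape

printf("typed by user        : %s\n", $typed);
printf("escape only, MQ on   : %s (round-trips: %s)\n", $naive, var_export($naive === $typed, true));
printf("smartQuote, MQ on    : %s (round-trips: %s)\n", $smart, var_export($smart === $typed, true));
```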