On Fri, December 1, 2006 2:32 pm, Johannes Lindenbaum wrote:
> Here the "smart quoting" function off php.net
>
> function quote_smart($value)
> {
> // Stripslashes
> if (get_magic_quotes_gpc()) {
> $value = stripslashes($value);
> }
> // Quote if not a number or a numeric string
> if (!is_numeric($value)) {

I personally would not test for is_numeric() to determine whether or
not to call mysql_real_escape_string.
I don't know UTF-8/UTF-16/Klingon well enough to know that it's going
to Do The Right Thing.

> $value = "'" . mysql_real_escape_string($value) . "'";

I also would not attempt to add the apostrophes at this layer of
business logic, personally.
Put them into the SQL string, rather than as part of the "data" being
munged.

> }
> return $value;
> }
The easier and more clear way to do what you did:
> From that Idea I implemented that into my MySQL class:
> public function smartQuote( $string )
> {
> if( get_magic_quotes_gpc() == 1 ) {
> return stripslashes($string);
> }
//No matter what the data is/was, and no matter about GPC on or off
//you still want to escape it for MySQL:
////> else {
return mysql_real_escape_string($string);
////> }
> }
>
> I was wondering if my above function is correct and the website's
> documentation is off a little?

The function you have is correct; the documentation is correct.
Resolving those two inside your head is going to take a tiny bit more
effort on your part, but you've obviously "got it" to about 99% now!
Rock On!

--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
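
The reply's two suggestions (escape no matter what is_numeric() says, and keep the apostrophes in the SQL string) run side by side with the quote_smart() behaviour, as an added example that is not part of the original message. It assumes PHP 7+ with the sqlite3 extension; an in-memory SQLite database and SQLite3::escapeString() stand in for MySQL and mysql_real_escape_string(), and the function and table names are hypothetical.

```php
<?php
// Added example, not code from the thread. SQLite3 (in memory) stands in for
// MySQL so this runs offline; SQLite3::escapeString() plays the role of
// mysql_real_escape_string(). All function and table names are hypothetical.

// Undo magic_quotes_gpc where this PHP still has it (no-op from 5.4, removed in 8.0).
function undo_magic_quotes(string $value): string
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value; // the caller still escapes afterwards, in every case
}

// Reply's approach: always escape; the apostrophes live in the SQL text.
function insert_always_escaped(SQLite3 $db, string $raw): void
{
    $data = SQLite3::escapeString(undo_magic_quotes($raw));
    $db->exec("INSERT INTO notes (how, body) VALUES ('escaped', '$data')");
}

// quote_smart() approach: numeric-looking input goes into the SQL unquoted.
function insert_quote_smart(SQLite3 $db, string $raw): void
{
    $value = undo_magic_quotes($raw);
    if (!is_numeric($value)) {
        $value = "'" . SQLite3::escapeString($value) . "'";
    }
    $db->exec("INSERT INTO notes (how, body) VALUES ('smart', $value)");
}

$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE notes (how TEXT, body TEXT)');

// Constructed sample inputs: one apostrophe, three strings is_numeric() accepts.
$samples = ["O'Brien", '42', '1e5', '.5'];

foreach ($samples as $raw) {
    foreach (['insert_always_escaped', 'insert_quote_smart'] as $insert) {
        $insert($db, $raw);
        $stored = $db->querySingle('SELECT body FROM notes ORDER BY rowid DESC LIMIT 1');
        printf("%-22s in=%-8s stored=%-10s %s\n", $insert, $raw, $stored,
            $stored === $raw ? 'unchanged' : 'CHANGED');
    }
}
```

SQLite escapes an apostrophe by doubling it while MySQL uses a backslash, so the escaped strings differ between the two engines; the layering shown here is the same.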