You want to use mysql_escape_string, and NOT addslashes and NOT Magic
Quotes.
On Fri, May 25, 2007 12:34 pm, Rahul Sitaram Johari wrote:
>
> Ok, I'm not able to use array_map() at all to my benefit, or at least
> I
> can't figure out how to.
>
> I'm trying to generate the string with escape slashes before I put it
> in the
> INSERT statement, but it's not working primarily because values have
> to be
> enclosed in Single Quotes while inserting into mySQL and Single Quote
> itself
> is escape when using mysql_escape_string!!!
>
> On 5/25/07 11:41 AM, "Zoltán Németh" <znemeth@xxxxxxxxxxxxxx> wrote:
>
>>> Ave,
>>>
>>> I¹m inserting values out of an array into mySQL. There¹s other
>>> values
>>> besides the array values that are being inserted as well. This is
>>> my simple
>>> INSERT code:
>>>
>>> $sql = "INSERT INTO db
>>> (Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,Loa
>>> dProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Dema
>>> nd,Kwh,Cost) VALUES ('$dt','$tm','$thephone','".implode("','",
>>> array_values($var))."')";
>>>
>>> $var can contain values that have special characters that I need to
>>> escape.
>>> I¹d like to use mysql_escape_string() but I¹m not sure how to
>>> integrate
>>> mysql_escape_string here with the INSERT statement. I tried it, but
>>> it¹s not
>>> working. Any clues?
>>
>> you should do the escaping before assembling the INSERT statement
>> a useful tool for this is array_map():
>> http://hu.php.net/array_map
>>
>> then you can use the above method for creating the query string
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
