Re: Re: SQL Injection - Solution

On Wed, May 6, 2009 at 2:25 PM, Shawn McKenzie <nospam@xxxxxxxxxxxxx> wrote:
> Igor Escobar wrote:
>> Yeah yeah, I understood that, but the point is... as I said previously, my
>> function is not tied to any database.
>>
>> It is a generic function; I don't know who will use this, so I don't know what
>> your database is, so I can't use functions like mysql_real_escape_string etc...
>
> Then the best you can do is replace mysql_real_escape_string() with
> addslashes() or possibly addcslashes() and build your own list.
>
>

You can't just use addslashes() or addcslashes(). You have to know
what database you are using because the escape sequences are
different.  In MySQL, single quote characters are escaped by a
backslash. In SQL Server, they are escaped by doubling them.

There are a lot of libraries available that already do this. If
someone wants to write yet another one, it would probably be
worthwhile to dissect some of those existing libraries to see how they
work under the hood.

Andrew

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
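The point Andrew makes above, that quote escaping is dialect-specific, can be shown concretely. The following is an added example and not code from the thread: two toy escapers (backslash-style, roughly what PHP's addslashes() produces, and quote-doubling, what SQL Server expects) and a small scanner that reads a single-quoted literal the way each dialect's parser would. The payloads, the hypothetical `users` query and the function names are constructed for the demonstration. The scanner models MySQL's default behaviour only; MySQL also turns backslash escapes off under the NO_BACKSLASH_ESCAPES sql_mode and depends on the connection character set, which is exactly why mysql_real_escape_string() needs a live connection.

```python
"""Why a database-agnostic escape function cannot be correct.

Added example for this thread; the query, payloads and helpers are
constructed for illustration. Two toy escapers and a literal scanner
that reads a single-quoted string the way MySQL (backslash escapes on,
default sql_mode) or SQL Server (doubled quotes only) would.
"""


def escape_backslash(s: str) -> str:
    """MySQL-style escaping, roughly what PHP's addslashes() produces."""
    return s.replace("\\", "\\\\").replace("'", "\\'")


def escape_doubling(s: str) -> str:
    """SQL Server / ANSI-style escaping: the only escape is '' (two quotes)."""
    return s.replace("'", "''")


def escape_for(dialect: str, s: str) -> str:
    """The fix the thread is circling around: the caller must name the dialect."""
    if dialect == "mysql":
        return escape_backslash(s)
    if dialect == "mssql":
        return escape_doubling(s)
    raise ValueError(f"unknown dialect {dialect!r}")


def read_literal(sql: str, start: int, backslash_escapes: bool):
    """Parse the single-quoted literal beginning at sql[start].

    Returns (literal_value, index_after_closing_quote).
    backslash_escapes=True models MySQL's default; False models SQL Server,
    where a backslash is an ordinary character inside a string.
    Both dialects treat '' inside a literal as one literal quote.
    """
    assert sql[start] == "'"
    i = start + 1
    out = []
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])  # \x means x, including \'
            i += 2
            continue
        if c == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")  # doubled quote
                i += 2
                continue
            return "".join(out), i + 1  # closing quote
        out.append(c)
        i += 1
    raise ValueError("unterminated string literal")


def run_query(payload: str, escaper, backslash_escapes: bool):
    """Build WHERE name = '<escaped payload>' and parse it like the database.

    Returns (value_seen_by_db, sql_left_outside_the_literal). An empty tail
    means the attacker stayed inside the string; a non-empty tail is the
    injected SQL the database would go on to execute.
    """
    sql = "SELECT * FROM users WHERE name = '" + escaper(payload) + "'"
    value, end = read_literal(sql, sql.index("'"), backslash_escapes)
    return value, sql[end:]


if __name__ == "__main__":
    # Constructed attacker inputs: a classic breakout, and one that
    # leads with a backslash to defeat quote-doubling on MySQL.
    for payload in ["' OR 1=1 --", "\\' OR 1=1 --"]:
        for name, escaper in [("addslashes", escape_backslash),
                              ("doubling", escape_doubling)]:
            for dialect, bs in [("mysql", True), ("mssql", False)]:
                value, tail = run_query(payload, escaper, bs)
                verdict = "SAFE" if tail == "" else f"INJECTED -> {tail!r}"
                print(f"{payload!r:18} {name:10} on {dialect}: {verdict}")
```

Running it shows the asymmetry: backslash escaping keeps `' OR 1=1 --` inside the literal on MySQL but lets it out on SQL Server, while quote doubling is correct on SQL Server and is broken on MySQL by a payload that starts with a backslash. Neither scheme is safe for the other dialect, so a function that does not know the connection's dialect (and, for MySQL, its sql_mode and charset) cannot be correct; parameterised queries avoid the problem by never splicing the value into the SQL text at all.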

