Re: Sanitizing potential MySQL strings with no database connection


 



> Dotan,
>
> You are making this thing harder than it has to be.
>
> All you need is to replicate the escaping of the same characters that
> mysql_real_escape_string() escapes.  Simply do that.  They are listed on the
> function's manual page on php.net
>
> http://php.net/mysql_real_escape_string
>
> Here is a function that I mocked up really quick.
>
> I have no idea if it will work, but it is a start down the right road to solve
> your problem(s)...
>
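> <?php
>
> function clean_string($input) {
>
>  /**
>   * Characters to escape. The backslash must come first: str_replace()
>   * applies the pairs in order and would otherwise re-escape the
>   * backslashes inserted by the other replacements.
>   *    \       \x00    \n      \r      '       "       \x1a
>  **/
>
>  $patterns = array("\\",   "\x00", "\n",  "\r",  "'",    "\"",  "\x1a");
>  $replace  = array('\\\\', '\\0',  '\\n', '\\r', '\\\'', '\\"', '\\Z');
>  return str_replace($patterns, $replace, $input);
> }
>
> ?>
>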
>

I think that I would rather trust the built-in functions. I don't need
to do anything "smart" and get attacked. Anybody else have an opinion
on this?


-- 
Dotan Cohen

http://what-is-what.com
http://gibberish.co.il

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
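
An added example, not part of the original thread: a hand-written escaper built on `str_replace()` with arrays depends on the order of its pairs, while `strtr()` makes a single pass over the input. The function names and the sample string are constructed for illustration; both functions work byte by byte and know nothing about the connection character set, which `mysql_real_escape_string()` takes from the connection.

```php
<?php
// Added example: order-sensitive str_replace() escaping vs. single-pass strtr().
// Function names are hypothetical; the escape table follows the characters
// listed on the mysql_real_escape_string() manual page.

// Pairs are applied one after another. Here the backslash pair runs last,
// so it re-escapes the backslashes the earlier pairs have just inserted.
function escape_sequential(string $input): string {
    $patterns = array("\x00", "\n",  "\r",  "'",   '"',   "\x1a", "\\");
    $replace  = array('\\0',  '\\n', '\\r', "\\'", '\\"', '\\Z',  '\\\\');
    return str_replace($patterns, $replace, $input);
}

// strtr() with an array scans the input once and never rescans its own
// output, so the order of the table does not matter.
function escape_single_pass(string $input): string {
    return strtr($input, array(
        "\\"   => '\\\\',
        "\x00" => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ));
}

// Constructed sample input: a quote, a backslash and a newline.
$sample = "O'Reilly \\ path\nnext";

$bad  = escape_sequential($sample);
$good = escape_single_pass($sample);

echo "sequential : ", $bad, PHP_EOL;
echo "single pass: ", $good, PHP_EOL;

// Check for an escaped backslash followed by a bare quote. In the sequential
// output the quote is no longer escaped and would end the SQL string literal.
$broken = "\\\\'";
var_dump(strpos($bad, $broken) !== false);
var_dump(strpos($good, $broken) !== false);
```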


