Re: Sanitizing potential MySQL strings with no database connection

Jim Lucas wrote:
> Dotan Cohen wrote:
>>> So, actually taking a minute to read up on addcslashes(), it is a
>>> rather handy
>>> little function.
>>>
>>> Taking the list of characters that mysql_real_escape_string() says it
>>> escapes:
>>>
>>> http://us3.php.net/mysql_real_escape_string
>>>
>>> Which it lists: \x00, \n, \r, \, ', " and \x1a
>>>
>>> \0  = \x0
>>> \10 = \n
>>> \13 = \r
>>> \92 = \
>>> \44 = '
>>> \34 = "
>>> \26 = \x1a
>>>
>>> You could do something like this.
>>>
>>> function cleaner($input) {
>>>        // PHP reads \NNN in a double-quoted string as OCTAL, so the seven
>>>        // characters the manual lists are spelled out as bytes here
>>>        // (note: addcslashes() renders NUL and \x1a as \000 and \032)
>>>        return addcslashes($input, "\x00\n\r\\'\"\x1a");
>>> }
>>>
>>> Maybe this will help...
>>>
>>> Jim
>>>
>>
>> So far as I understand mysql_real_escape_string() was invented because
>> addslashes() is not adequate.
>>
>>
> 
> If you look a little closer, you will see that I am not using
> addslashes().  Rather, I am using addcslashes().  This allows to specify
> the characters that I want escaped, instead of the default assumed
> characters from addslashes().
> 

Thinking a little deeper here, you say you are concerned about the character
type, yet you say that it is all assumed UTF-8.  Is everything going to be UTF-8
or something else?

If it is all going to be UTF-8, then the addcslashes() variation above will work.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
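An added example, not part of the thread above, showing two things the discussion touches on: what the character list in the posted cleaner() actually contains once PHP decodes its escapes, and a connection-free escaper that emits exactly the sequences the mysql_real_escape_string() manual page lists. The function names, the $map table and the sample input are constructed for this illustration; the charset assumption is the thread's own "everything is UTF-8" premise.

```php
<?php
// Added example (not code from the thread). Shows why the posted escape
// list does not do what was intended, and one way to escape the documented
// character set without a database connection.

// The posted string "\0\10\13\92\44\34\26" was written with DECIMAL ASCII
// codes, but PHP double-quoted strings read \NNN as OCTAL, and \9 is not
// an escape at all. This returns the bytes PHP actually sees.
function posted_list_bytes(): array {
    $list = "\0\10\13\92\44\34\26";
    return array_map('ord', str_split($list));
}
// Result: [0, 8, 11, 92, 57, 50, 36, 28, 22], i.e. NUL, backspace,
// vertical tab, "\", "9", "2", "$", 0x1c, 0x16. Neither newline, CR,
// either quote character nor 0x1a is in the list, so they pass through.

// Escape exactly the seven characters the manual lists for
// mysql_real_escape_string(), producing the sequences MySQL decodes.
// Assumes a connection charset such as UTF-8 in which none of these bytes
// can appear inside a multi-byte sequence; that is the reason the real
// function needs a connection (it asks the server for the charset).
function mysql_escape_no_conn(string $input): string {
    static $map = [
        "\x00" => '\\0',    // NUL  -> \0
        "\n"   => '\\n',    // LF   -> \n
        "\r"   => '\\r',    // CR   -> \r
        "\\"   => '\\\\',   // \    -> \\
        "'"    => "\\'",    // '    -> \'
        '"'    => '\\"',    // "    -> \"
        "\x1a" => '\\Z',    // SUB  -> \Z (MySQL's spelling for 0x1a)
    ];
    return strtr($input, $map);
}

// For comparison: addcslashes() on the corrected character list. It keeps
// \n and \r as C escapes MySQL understands, but renders NUL and 0x1a as
// C-style octal (\000 and \032), which MySQL does not read the same way
// (it decodes \0 and then keeps the following digits as literal text).
function addcslashes_variant(string $input): string {
    return addcslashes($input, "\x00\n\r\\'\"\x1a");
}

// Constructed sample input containing a quote, NUL, 0x1a and a newline.
$sample = "O'Reilly\x00\x1a\n";
var_dump(posted_list_bytes());
var_dump(mysql_escape_no_conn($sample));
var_dump(addcslashes_variant($sample));
```

Run with `php example.php`; the first dump exposes the decimal/octal mix-up, and the last two show where the addcslashes() output diverges from the MySQL escape sequences for NUL and 0x1a. The strtr() map is a literal transcription of the manual's list and nothing more, so it inherits the manual's charset caveat rather than removing it.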