Re: significance of escape character in string in PHP

On Mon, Mar 18, 2013 at 4:20 PM, Stuart Dallas <stuart@xxxxxxxx> wrote:

> On 18 Mar 2013, at 15:08, Matijn Woudt <tijnema@xxxxxxxxx> wrote:
>
> > On Mon, Mar 18, 2013 at 2:19 PM, Sebastian Krebs <krebs.seb@xxxxxxxxx> wrote:
> >
> >> 2013/3/18 Ken Robinson <kenrbnsn@xxxxxxxxx>
> >>
> >>>
> >>>
> >>> On 18.03.2013 09:10, Norah Jones wrote:
> >>>
> >>>> I have a string which has a few ' (single quote) and a few "
> >>>> (double quotes) and was not able to insert it into the mysql database. I
> >>>> have replaced them with \' and \" and everything is fine.
> >>>> Though these are fine now, I don't understand the working and I could
> >>>> have missed a few corner cases also. Please suggest the working and also
> >>>> if there is some better way to achieve this.
> >>>>
> >>>
> >>> You should be using either mysql_real_escape_string or
> >>> mysqli_real_escape_string (preferably the latter) depending on how you're
> >>> accessing the DB.
> >>
> >>
> >> You shouldn't use ext/mysql at all!
> >> Use prepared statements with PDO_MYSQL or MySQLi
> >>
> >>
> > And here comes the flame war again...
>
> There's no need for it to be a flame war. The mysql extension is
> officially not recommended for writing new code, so anyone using it should
> be informed of this fact. I think it should consist of more than "don't use
> that," but at the very least that should cause the questioner to want to
> know why.
>
> http://php.net/intro.mysql
>
> This issue is problematic for exactly the reason Norah demonstrates above:
> "it's working." Great that in this case it hasn't been left at that, but
> most will see it work and think they've "got it right." I believe the
> community has a responsibility to give good advice and recommend best
> practices as well as directly addressing people's problems, so it's right
> that things like this get repeatedly pointed out where appropriate.
>
>
I know ext/mysql is deprecated, though is there any difference between the
procedural mysqli vs ext/mysql, except that mysqli requires $link, whereas
ext/mysql will take the last link opened?

- Matijn
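
Added example, not part of the thread: the prepared-statement approach recommended in the quoted replies, applied to strings containing single quotes, double quotes and backslashes. It assumes the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL so it runs offline; the table name `notes` and the helper functions are hypothetical.

```php
<?php
// Assumption: pdo_sqlite is available. With PDO_MYSQL only the DSN and
// credentials passed to the PDO constructor change; the statements stay the same.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions on errors instead of failing silently.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');
    return $pdo;
}

function save_note(PDO $pdo, string $body): int
{
    // The SQL text is fixed; the value is sent separately as a parameter,
    // so quotes and backslashes in $body are never parsed as SQL.
    $stmt = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

function load_note(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Constructed sample inputs: the quote characters from the question plus
// corner cases that a manual \' and \" replacement does not cover.
$samples = [
    "It's a \"quoted\" string",
    'ends with a backslash \\',
    "line one\nline two",
];

$pdo = open_db();
foreach ($samples as $text) {
    $id = save_note($pdo, $text);
    $stored = load_note($pdo, $id);
    printf("%d: %s\n", $id, $stored === $text ? 'stored verbatim' : 'MISMATCH');
}
```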
