Hi,

can I know when does the magic_quotes_gpc start adding slashes and stripping slashes?

I removed my EscapeShellCmd and my data is inserted and retrieved from the database just as i wanted. The problem now comes when I retrieve that data and immediately inserted them into another table.. then I get a MySQL error 1064 whenever my value has a single-quote in it.

for example,

    $query1 = "select * from table where condition";
    if(!($result1 = mysql_query($query1))) echo SQLError();
    $var = mysql_fetch_array($result1);

    $query2 = "insert into table2 set col1='".$var["col1"]."', col2='".$var["col2"]."', col3='".$var["col3"]."' etc...";
    if(!($result2 = mysql_query($query2))) echo SQLError();

$query1 works perfectly fine of course.. but $query2 gives me error:

    MySQL error: 1064 : You have an error in your SQL syntax near 's Good!', col2 = 'YES', ' at line 15 (# 256).

the value retrieved from the database is: It's Good!

what happened?!

thanx..

----- Original Message -----
> Ng Hwee Hwee wrote:
>
> > just a quick question.. does it mean, i don't have to worry that my user may
> > type any commands in my text field that may hurt my system since
> > magic_quotes_gpc is on?
>
> Heh...of course not. :) All magic_quotes is going to do for you is
> escape quotes within your text. This will help with database queries but
> not much else. You still need to be validating your data...
>
> --
> ---John Holmes...
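
The failure described in the message, as an added example that is not part of the original thread: magic_quotes_gpc only escapes GET/POST/cookie input, so a value read back from the database carries no backslashes and its apostrophe breaks a concatenated query. The sketch assumes PHP with the pdo_sqlite extension and uses a constructed in-memory SQLite schema in place of the poster's MySQL tables (so `VALUES` replaces MySQL's `INSERT ... SET`).

```php
<?php
// Added example. Schema and rows are constructed; SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE table1 (col1 TEXT, col2 TEXT)");
$pdo->exec("CREATE TABLE table2 (col1 TEXT, col2 TEXT)");

// Bound parameters store the value exactly as typed: no backslashes end up in the row.
$pdo->prepare("INSERT INTO table1 (col1, col2) VALUES (?, ?)")
    ->execute(["It's Good!", "YES"]);

// Reading it back returns the raw text, apostrophe included.
$var = $pdo->query("SELECT col1, col2 FROM table1")->fetch(PDO::FETCH_ASSOC);

// Before: concatenation as in the post. The apostrophe in the fetched value
// closes the string literal early and the statement no longer parses.
try {
    $pdo->exec(
        "INSERT INTO table2 (col1, col2) VALUES ('" . $var["col1"] . "', '" . $var["col2"] . "')"
    );
    echo "concatenated insert: ok\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: " . $e->getMessage() . "\n";
}

// After: placeholders keep data out of the SQL text, so where the value came
// from (form field or database row) makes no difference.
$stmt = $pdo->prepare("INSERT INTO table2 (col1, col2) VALUES (:col1, :col2)");
$stmt->execute([':col1' => $var["col1"], ':col2' => $var["col2"]]);

// Alternative: copy inside the database, so the value never passes through PHP strings.
$pdo->exec("INSERT INTO table2 (col1, col2) SELECT col1, col2 FROM table1");

// Show what actually landed in table2 (two rows, both with the apostrophe intact).
foreach ($pdo->query("SELECT col1, col2 FROM table2") as $row) {
    echo $row["col1"] . " | " . $row["col2"] . "\n";
}
```

A value that was safe on the way in is still untrusted on the way out: any stored string that is later concatenated into SQL can change the statement, which is why binding applies to every query and not only to the ones fed directly by user input.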