On Saturday 10 April 2004 00:47, Chris Baechle wrote: > The mysql_escape_string() function escapes ' (single quote) and " > (double quote) characters. When php recieves information data through a > form, it automatically escapes these characters (tested with php 4.3.5). php.ini -> disable 'magic_quotes_gpc' > I also noticed mysql_escape_string() is only meant to escape binary data > to be inserted. It will escape any characters that needs to be escaped ... > Consequently it does not escape all metacharacters as > defined by the w3c. ... and is in no way related to "metacharacters as defined by the w3c". If you are having a particular problem please elaborate. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * ------------------------------------------ Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db ------------------------------------------ /* We'll be recording at the Paradise Friday night. Live, on the Death label. -- Swan, "Phantom of the Paradise" */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
