"Chad Stalvey" <chad@xxxxxxxx> wrote in message news:200408161455.i7GEtLCT058310@xxxxxxxxxxxxxxx > Ok. It seems that a $_POST value comes over with the escaped single quote as > in O\'Neal. So why does it not preserve that escape when pulling a value > from a table field, and inserting it back into another table field? When I > pull it out and insert it back in it is simply O'Neal. Because the escape quotes are not stored in the database. Otherwise all data would have to be "cleaned" when fetching it from the DB. It's the application's job to sanitize all user submitted data. So apply mysql_real_escape_string() to all submitted values and turn off magic_quotes in your php.ini. Regards, Torsten -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
