On Tuesday 18 January 2005 19:18, Jochem Maas wrote: > I was always under the impression that single quotes (assuming you are > delineating you args with single quotes) should (officially) be escaped > with another single quote - although backslash also works: I think it depends on the database that you are using. Oracle and MS-SQL both require quotes to be escaped with another quote, MySQL uses backslashes. I seem to recall that two quotes is the standard... Of course it is even better to use bind vars and then you don't need to escape the quotes (or worry about sql injection attacks)... cheers Simon -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Simon Rees | tech-lists@xxxxxxxxxxxxxxxx | ORA-03113: end-of-file on communication channel ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php