Skip Evens wrote: > Hello all, > > I'm brand spanking new to the list and have a > quick question. > > I was under the impression that addslashes() would > handle single quote marks in INSERT statements, > but when I execute the following: > > $sql="UPDATE images SET orderno=$orderno, > url='".addslashes($url)."', > banner=$banner,caption='".addslashes($caption)."' > WHERE imageID=$imageID"; > > ...and $caption contains something like: > > "Don't look" > > ...the data is chopped off at the single quote mark. > > How, if not addslashes(), does one handle this? Skip, If you're using MySQl, try mysql_escape_string(), or mysql_real_escape_string. If using some other RDBMS, look for similar functions in their respective manual(s). You might also investigate the setting of the magic_quotes directive in php.ini, or use get_magic_quotes_gpc to return this value programmatically. Hope this helps. David -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
