Hello David & all,
No, neither mysql_escape_string or
mysql_real_escape_string worked.
Yes, I am using MySQL, should have said that, sorry.
But anyway, even with both of these functions, the
data in the string containing the single quote as
in "Don't Look" is still being truncated at the
single quote mark.
Any other suggestions would be greatly appreciated.
Skip
dpgirago@xxxxxxxxxxxxxx wrote:
Skip Evens wrote:
Hello all,
I'm brand spanking new to the list and have a
quick question.
I was under the impression that addslashes() would
handle single quote marks in INSERT statements,
but when I execute the following:
$sql="UPDATE images SET orderno=$orderno,
url='".addslashes($url)."',
banner=$banner,caption='".addslashes($caption)."'
WHERE imageID=$imageID";
...and $caption contains something like:
"Don't look"
...the data is chopped off at the single quote mark.
How, if not addslashes(), does one handle this?
Skip,
If you're using MySQl, try mysql_escape_string(), or
mysql_real_escape_string.
If using some other RDBMS, look for similar functions in their respective
manual(s).
You might also investigate the setting of the magic_quotes directive in
php.ini, or use
get_magic_quotes_gpc to return this value programmatically.
Hope this helps.
David
--
Skip Evans
Big Sky Penguin, LLC
61 W Broadway
Butte, Montana 59701
406-782-2240
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
