Skip Evans wrote:
I was under the impression that addslashes() would handle single quote marks in INSERT statements, but when I execute the following: $sql="UPDATE images SET orderno=$orderno, url='".addslashes($url)."', banner=$banner,caption='".addslashes($caption)."' WHERE imageID=$imageID"; ...and $caption contains something like: "Don't look" ...the data is chopped off at the single quote mark. How, if not addslashes(), does one handle this?
Change the contents of $sql to use double quotes around the strings instead of single - that's what real_escape_string was designed to escape. Alternatively use str_replace to escape single quotes.
-Stut -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php