Re: Slashes or no slashes

Ahhh.. Kapu where were you three months ago?? :)
Prepared statements sound like the way to go,
but at this point that would mean converting a lot of pages.
I will have to investigate some more about this and convert the code over at a later date.
For now I think mysql_real_escape_string will work for what I am doing.
Thank you all for your responses. Again.

Best,

Karl


On Aug 19, 2010, at 5:40 PM, <kapuoriginal@xxxxxxxxx> wrote:

I think you should use prepared statements.

Kapu

--------------------------------------------------
From: "Karl DeSaulniers" <karl@xxxxxxxxxxxxxxx>
Sent: Friday, August 20, 2010 12:05 AM
To: <php-db@xxxxxxxxxxxxx>
Subject: Re:  Slashes or no slashes

On Aug 19, 2010, at 4:44 PM, Karl DeSaulniers wrote:
On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote:

You should be using
http://us2.php.net/manual/en/function.mysql-escape-string.php

You don't need to search with extra slashes for retrieval.

-----Original Message-----
From: Karl DeSaulniers [mailto:karl@xxxxxxxxxxxxxxx]
Sent: Thursday, August 19, 2010 2:29 PM
To: php-db@xxxxxxxxxxxxx
Subject:  Slashes or no slashes

Hello,
When I add an item to my database and I use addslashes(),
do I have to use addslashes() to a query that looks for that item?
Or would I be adding double slashes and canceling my own result?
TIA

Karl DeSaulniers
Design Drumm
http://designdrumm.com




-- PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Ah, but let's say I am using a character set utf-8, I should use mysql_real_escape_string() instead?
Best,

Karl DeSaulniers
Design Drumm
http://designdrumm.com



For a line like this..
return htmlspecialchars(stripslashes($this->values[$field]));
would I change this to?
return mysql_real_escape_string($this->values[$field]);
Or do I still need the htmlspecialchars? In that case would I change it to?
return htmlspecialchars(mysql_real_escape_string($this->values[$field]));
TIA
Karl DeSaulniers
Design Drumm
http://designdrumm.com


Karl DeSaulniers
Design Drumm
http://designdrumm.com
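
An added example, not part of the original messages or any poster's code: it shows the prepared-statement approach suggested in the thread, with the value stored and searched without slashes and HTML encoding applied only when the value is rendered. The `items` table, the `findByName()` helper and the sample value are constructed for illustration, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table name, helper name and sample value are constructed;
// SQLite in-memory stands in for MySQL (with MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed input containing characters that matter to SQL and to HTML.
$name = "O'Brien's <b>widget</b>";

// Write: the value is bound as a parameter, never concatenated into the SQL
// text, so neither addslashes() nor mysql_real_escape_string() is involved.
$insert = $pdo->prepare('INSERT INTO items (name) VALUES (:name)');
$insert->execute([':name' => $name]);

// Read: look the item up with the same raw value it was stored with.
function findByName(PDO $pdo, string $needle): array
{
    $select = $pdo->prepare('SELECT name FROM items WHERE name = :name');
    $select->execute([':name' => $needle]);
    return $select->fetchAll(PDO::FETCH_COLUMN);
}

$rows = findByName($pdo, $name);

// The stored value is compared byte for byte with the original input.
var_dump($rows[0] === $name);

// A search term that was run through addslashes() first is a different
// string (it now contains backslashes), so it is compared against the
// stored value as-is and the result set is checked for being empty.
var_dump(findByName($pdo, addslashes($name)) === []);

// Output: HTML encoding is a separate concern from SQL handling. It is
// applied when the value is written into a page, not before storage.
echo htmlspecialchars($rows[0], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```
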




