On Aug 22, 2010, at 7:12 PM, Chris wrote:
On 20/08/10 08:05, Karl DeSaulniers wrote:
On Aug 19, 2010, at 4:44 PM, Karl DeSaulniers wrote:
On Aug 19, 2010, at 4:36 PM, Daevid Vincent wrote:
You should be using
You don't need to search with extra slashes for retrieval.
-----Original Message-----
From: Karl DeSaulniers [mailto:karl@xxxxxxxxxxxxxxx]
Sent: Thursday, August 19, 2010 2:29 PM
To: php-db@xxxxxxxxxxxxx
Subject: Slashes or no slashes
When I add an item to my database and I use addslashes(),
do I have to use addslashes() to a query that looks for that item?
Or would I be adding double slashes and canceling my own result?
Karl DeSaulniers
Design Drumm
-- PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ah, but lets say I am using a character set utf-8, I should use
mysql_real_escape_string() instead?
Karl DeSaulniers
Design Drumm
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
For a line like this..
return htmlspecialchars(stripslashes($this->values[$field]));
would I change this to?
return mysql_real_escape_string($this->values[$field]);
Or do I still need the htmlspecialchars? In that case would I
change it to?
return htmlspecialchars(mysql_real_escape_string($this->values
You use mysql_real_escape_string for queries on the way in.
$query = "select * from table where name='".mysql_real_escape_string
You use htmlspecialchars on the way out:
$value = htmlspecialchars($row['name']);
Postgresql & php tutorials
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Ah.. thanks Chris.
If I want to compare that value I get from the database to what a
user entered,
do I escape the value they entered or add htmlspecialchars to it
before comparing it to what comes out of the database.
Sorry this is such a PHP 101 question. If you have time to respond,
please do, otherwise no worries, I am sure I will figure it out.
Karl DeSaulniers
Design Drumm
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php