Hartleigh Burton wrote:
You were in the right area thats for sure. I had a look through where
the script was ending a bit closer... there is a function i use to make
the sql query safe for inserts if magic quotes is not on thats something
like this...
function WalkAddSlashes(&$item, $key) {
if(!is_array($item)) {
$item = addslashes($item);
$item = str_replace("\"",""",$item);
}
}
I'm happy you solved your problem, but I think it's worth pointing out
that your function is flawed if the intention is to make the data safe
for inclusion in a MySQL query. Addslashes() doesn't do anywhere near
enough, you should be using mysql_real_escape_string() instead.
-Stut
--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
