If you are using version 1.1, be aware that addslashes in sanitize->sql is inside a conditional:

if (!ini_get('magic_quotes_gpc')) { ...

It seems that sanitize->sql is deprecated in 1.2 anyway.

But if you are sure that fckeditor is converting the quotes to &quot;, why would they need to be escaped? Databases have no problem dealing with any of the characters in &quot;

On Mar 28, 8:38 am, "bingo" <[EMAIL PROTECTED]> wrote:
> Hi bakers,
>
> I have one problem and a comment to make on the sanitize->sql method.
>
> Problem: I am using fckeditor for users to add comments to a post.
> However, if the comment contains double quotes, MySQL saves only the
> part that appeared before the first double quote. For instance, if my
> string is
>
> this is a test "hello world" --- mysql will save only --> this is a
> test
>
> I am using the sanitize->sql method but that is also not working...
>
> It seems the problem is that fckeditor converts "
> to &quot; and mysql is not able to handle it.
>
> Comment: I was looking on the PHP forum and found that it is better to use
> mysql_real_escape_string if the intended use is to put the data in
> mysql.
> http://us3.php.net/manual/en/function.mysql-real-escape-string.php
>
> regards,
> Ritesh
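
An added example, not part of the thread and not CakePHP code: it checks the reply's point that a database stores both `"` and `&quot;` unchanged once the value reaches it as data. It swaps in PDO bound parameters for the escaping functions discussed above, and assumes the pdo_sqlite extension, with an in-memory SQLite table and hypothetical table and column names standing in for the MySQL table.

```php
<?php
// Added example (not from the thread). An in-memory SQLite table stands
// in for the MySQL comments table; all names here are hypothetical.

function store_and_fetch(PDO $pdo, string $body): string
{
    // The value travels as a bound parameter, so no addslashes() or
    // manual escaping is involved and a quote cannot end the SQL string.
    $insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $insert->execute([':body' => $body]);

    $select = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $select->execute([':id' => $pdo->lastInsertId()]);
    return $select->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

// Constructed sample inputs: the comment from the thread in raw form,
// in entity-encoded form, and one with other SQL-significant characters.
$samples = [
    'this is a test "hello world"',
    'this is a test &quot;hello world&quot;',
    "it's a \\ test; \"quoted\" -- comment",
];

foreach ($samples as $body) {
    $stored = store_and_fetch($pdo, $body);
    printf("%-42s %s\n", $body, $stored === $body ? 'round-trips intact' : 'ALTERED');
}

// &quot; is the HTML encoding of the same character, not SQL escaping:
// decoding the entity form gives back the raw form.
var_dump(html_entity_decode($samples[1], ENT_QUOTES) === $samples[0]);
```

If every sample round-trips here but the stored comment is still cut at the first quote in the application, the value is being altered before it reaches the query, so compare the raw request data with what the model receives.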