On Wednesday 09 August 2006 07:49 am, [EMAIL PROTECTED] wrote: > hi to all. > > battling this problem on several forums and mailing lists, I got confused: > when store string that contains quotations (ie afan's "php" shop) in mysql > does it have to be stored with backslashes (afan\'s \"php\" shop) or just > the way it is? my login's telling me the way it is. am I wrong?
Yes, MySQL stores it that way for a specific reason. That is strings are generally input in the form: INSERT INTO table (blah) VALUES('blah'); That said, if you didn't have the slash escape, you'd have something like: INSERT INTO table (blah) VALUES('I'm blah); Which MySQL would choke on, not knowing what to do with m blah. Also, this is done to prevent SQL injection, like: INSERT INTO table (blah) VALUES('[bl' ; DELETE FROM table; SELECT('ah]'); where [] is what the user inputs. Now when displaying, you'll have to unescape the slashes generally. Unfortunately I can't remember in PHP if that's because of magic quotes or just the way the db has it stored. My gut instinct is the former. > thanks for any help. > > -afan -- Chris White PHP Programmer/DBaboon Interfuel -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]