gerald_clark wrote:
> $qtext=$dbh->quote($text);
> $dbh->execute("insert into mytable set myvariable = $qtext");
>
> The above quote() function will put a \ in front of all the special
> characters listed in the manual.
> These include "'\ and the hex 00 character.

FWIW, before anyone copies and pastes that you should use (as I'm sure
Gerald actually does):

execute("insert into mytable set myvariable = \"$qtext\"");

so that there are quotes around your variable when you insert it into
the DB and if there are spaces within your data (even accidentally), it
won't try to parse the data as part of the query;

"UPDATE MyTable SET Name = Michael Babcock WHERE ID = 4;" will get you
some errors, for the people who like examples. I've also had the
occasional "UPDATE MyTable SET Name = WHERE ID = 4;" which is also
avoided by always quoting variables.
--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
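
The two failing statements from the message above, reproduced as an added example (not code from either poster), next to the same update done with a bound parameter, where the value is never parsed as SQL. Assumptions: Python's in-memory SQLite stands in for the MySQL server, and the function names and the ID = 4 row are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # In-memory SQLite stands in for the MySQL server (assumption, keeps the run offline).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE MyTable (ID INTEGER PRIMARY KEY, Name TEXT)")
    conn.execute("INSERT INTO MyTable (ID, Name) VALUES (4, 'old')")
    return conn


def current_name(conn):
    return conn.execute("SELECT Name FROM MyTable WHERE ID = 4").fetchone()[0]


def update_interpolated(conn, name):
    """Paste the raw value into the statement text, as in the message's failing examples."""
    sql = "UPDATE MyTable SET Name = %s WHERE ID = 4;" % name
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc


def update_bound(conn, name):
    """Send the value separately from the statement text; no quoting step is involved."""
    conn.execute("UPDATE MyTable SET Name = ? WHERE ID = 4", (name,))
    return current_name(conn)


def demo():
    conn = make_db()
    results = {}
    # Value with a space: the second word is parsed as SQL and the statement is rejected.
    results["space"] = update_interpolated(conn, "Michael Babcock")
    # Empty value: the statement becomes "SET Name =  WHERE ..." and is rejected.
    results["empty"] = update_interpolated(conn, "")
    # A single word that happens to be a column name is accepted and read as a column.
    results["column"] = update_interpolated(conn, "ID")
    results["column_stored"] = str(current_name(conn))
    # Bound parameters round-trip all of these, including quote and backslash characters.
    samples = ["Michael Babcock", "", "ID", "O'Brien \\ \"x\""]
    results["bound"] = [update_bound(conn, value) for value in samples]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```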