gerald_clark wrote:
> $qtext=$dbh->quote($text);
> $dbh->execute("insert into mytable set myvariable = $qtext");
>
> The above quote() function will put a \ in front of all the special
> characters listed in the manual.
> These include "'\ and the hex 00 character.

FWIW, before anyone copies and pastes that you should use (as I'm sure Gerald actually does):

execute("insert into mytable set myvariable = \"$qtext\"");

so that there are quotes around your variable when you insert it into the DB and if there are spaces within your data (even accidentally), it won't try to parse the data as part of the query; "UPDATE MyTable SET Name = Michael Babcock WHERE ID = 4;" will get you some errors, for the people who like examples.

I've also had the occasional "UPDATE MyTable SET Name = WHERE ID = 4;" which is also avoided by always quoting variables.

--
Michael T. Babcock
C.T.O., FibreSpeed Ltd.
http://www.fibrespeed.net/~mbabcock
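
The failure cases described in this message, reproduced as an added example (not code from the thread). It assumes Python's sqlite3 with an in-memory table as a stand-in for MySQL, uses constructed sample values, and shows bound parameters as the alternative to building the statement text from variables.

```python
import sqlite3

# Constructed sample values: a name with a space, an empty value,
# a name containing a quote, and a value that happens to be a column name.
SAMPLES = ["Michael Babcock", "", "O'Brien", "ID"]


def make_db():
    # Constructed in-memory table standing in for the thread's MyTable.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MyTable (ID INTEGER PRIMARY KEY, Name TEXT)")
    db.execute("INSERT INTO MyTable (ID, Name) VALUES (4, 'old')")
    return db


def stored_name(db):
    return db.execute("SELECT Name FROM MyTable WHERE ID = 4").fetchone()[0]


def update_interpolated(db, name):
    # The value is pasted into the statement text with no quotes around it,
    # so the SQL parser sees it as part of the query.
    try:
        db.execute("UPDATE MyTable SET Name = %s WHERE ID = 4" % name)
        return "ok"
    except sqlite3.Error as exc:
        return "error: %s" % exc


def update_bound(db, name):
    # The value travels as a bound parameter and is never parsed as SQL.
    db.execute("UPDATE MyTable SET Name = ? WHERE ID = 4", (name,))
    return stored_name(db)


def compare(samples=SAMPLES):
    rows = []
    for name in samples:
        db = make_db()
        outcome = update_interpolated(db, name)
        after_interpolated = stored_name(db)
        after_bound = update_bound(make_db(), name)
        rows.append((name, outcome, after_interpolated, after_bound))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The "ID" sample is the quiet case: the interpolated statement runs without error but stores the value of the ID column instead of the text.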