It is already quoted. That's the point. Michael T. Babcock wrote:
> gerald_clark wrote: > >> $qtext=$dbh->quote($text); >> $dbh->execute("insert into mytable set myvariable = $qtext"); >> >> The above quote() function will put a \ in fronnt of all the special >> characters listed in the manual. >> These in clude "'\ and the hex 00 character. > > > FWIW, before anyone copies and pastes that you should use (as I'm > sure Gerald actually does): > execute("insert into mytable set myvariable = \"$qtext\""); so that > there are quotes around your variable when you insert it into the DB > and if there are spaces within your data (even accidentally), it won't > try to parse the data as part of the query; > > "UPDATE MyTable SET Name = Michael Babcock WHERE ID = 4;" will get you > some errors, for the people who like examples. I've also had the > occasional "UPDATE MyTable SET Name = WHERE ID = 4;" which is also > avoided by always quoting variables. > --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php