On Wednesday 15 January 2003 04:26, julian haffegee wrote:
> I want to insert some text into my database, but I'm worried about bad
> data - metacharacters etc.
>
> So I need to filter the input and remove bad characters. Which characters
> should I remove? What is bad for mysql?
>
> does anyone know a good subroutine (or webpage telling me all about it) for
> reference. I did have a good(ish) php way of doing this, but need perl
> this time.
You should escape some chars:
http://www.mysql.com/doc/en/String_syntax.html
Take a look at addslashes() function in PHP or mysql_escape_string(). You can
also use MySQL function QUOTE():
http://www.mysql.com/doc/en/String_functions.html
--
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.net http://www.ensita.net/
__ ___ ___ ____ __
/ |/ /_ __/ __/ __ \/ / Victoria Reznichenko
/ /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED]
/_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net
<___/ www.mysql.com
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
