Hi Chris,

You're fine with mysql_real_escape_string(). % or _ only need to be escaped if you're using them in LIKE and want them to match literally. -- never needs to be escaped in a string.

BTW, if you're using PHP and the stupid magic_quotes_gpc is on, you don't want to escape stuff yourself again, or it will add too many slashes! So you need to check for that somehow.

Hope that helps.

Matt

----- Original Message -----
From: "Chris W"
Sent: Wednesday, December 31, 2003 4:44 PM
Subject: special characters as field values

> I am storing data from an html form and there could be any character in
> there, including a % and an _. I'm using mysql_real_escape_string in
> php to escape special characters, but it says it doesn't escape the %
> and _. I was also reading something about escaping the -- . If I want
> all of these characters and character sequences to be allowable field
> values do I need to do more than what mysql_real_escape_string will do
> for me? I am enclosing all values in ' like the following...
>
> $query = "INSERT INTO user Values (NULL, '$UserID', '$Password',
> '$Email', '$FName', '$LName', ";
> $query .= "'$StreetAddress', '$AddressLine2', '$City', '$State', '$ZIP')";
> $result = mysql_query($query);
>
>
> Chris W

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
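The distinction drawn in the reply above, as an added example that is not part of the original thread: %, _ and -- are ordinary data inside a quoted string value, and only a LIKE pattern needs the wildcards escaped. Assumptions: an in-memory SQLite database via PDO stands in for MySQL so the script runs offline, PDO::quote() stands in for mysql_real_escape_string() plus the surrounding quotes, like_escape() is a hypothetical helper name, and the sample values are constructed.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so this runs offline.

// Hypothetical helper: escape the LIKE wildcards and the escape character
// itself so a user-supplied fragment matches literally in a LIKE pattern.
function like_escape(string $s): string {
    // The backslash is replaced first so the ones added for % and _ are
    // not doubled again.
    return str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $s);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (Email TEXT)');

// Constructed sample values containing %, _, -- and a single quote.
$samples = ['50%_off@example.com', 'a -- b', "o'brien", '50x-off@example.com'];
foreach ($samples as $v) {
    // Only the string delimiter needs escaping for a value; %, _ and --
    // pass through as plain characters.
    $db->exec('INSERT INTO user (Email) VALUES (' . $db->quote($v) . ')');
}

// 1. Every value reads back exactly as it was submitted.
$stored = $db->query('SELECT Email FROM user ORDER BY rowid')
             ->fetchAll(PDO::FETCH_COLUMN);
echo 'values round-trip unchanged: ';
var_dump($stored === $samples);

// Count rows matching a LIKE pattern. SQLite has no default LIKE escape
// character, so backslash (MySQL's default) is declared explicitly.
$count = function (string $pattern) use ($db): int {
    $sql = 'SELECT COUNT(*) FROM user WHERE Email LIKE '
         . $db->quote($pattern) . " ESCAPE '\\'";
    return (int) $db->query($sql)->fetchColumn();
};

// 2. The same user-supplied fragment used as a prefix search.
$fragment = '50%_off';

// Unescaped: % and _ act as wildcards, so 50x-off@example.com matches too.
echo 'rows matched, wildcards left active: ';
var_dump($count($fragment . '%'));

// Escaped: % and _ match only themselves; the trailing % is still a wildcard.
echo 'rows matched, wildcards escaped: ';
var_dump($count(like_escape($fragment) . '%'));
```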