Skip Evans wrote:
I was under the impression that addslashes() would
handle single quote marks in INSERT statements,
but when I execute the following:
$sql="UPDATE images SET orderno=$orderno,
url='".addslashes($url)."',
banner=$banner,caption='".addslashes($caption)."'
WHERE imageID=$imageID";
...and $caption contains something like:
"Don't look"
...the data is chopped off at the single quote mark.
How, if not addslashes(), does one handle this?
Change the contents of $sql to use double quotes around the strings
instead of single - that's what real_escape_string was designed to
escape. Alternatively use str_replace to escape single quotes.
-Stut
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php