> How do I replace all ' with \' in php so that I'm able to use
> the mysql
> queries. Note that simply using: preg_replace("/'/", "\'",
> -1) is not what
> I'm looking for, for this does not help me. Let's say I take
> the address
> from a form and want to enter it into the database as it is.
> Now, if the
> user enters "'" the above preg_replace will work but if the
> user himself
> enters "\'" , during replacing, the '\' introduced is nulled
> by the effect
> of the preceeding back-slash, and the mysql query becomes
> somthing like:
> mysq_insert ("insert into students (id, address) values (3, '\\'')");
>
> How do I get around this problem? Is there any function which helps
> to insert everything into the mysql database as it is (does
> auto-escaping).
Couldn't be simpler, just use mysql_escape_string. It escapes a string
for use in a mysql_query.
-craig
> Nirnimesh.
> IIIT-Hyd.
> India.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
