> How do I replace all ' with \' in php so that I'm able to use > the mysql > queries. Note that simply using: preg_replace("/'/", "\'", > -1) is not what > I'm looking for, for this does not help me. Let's say I take > the address > from a form and want to enter it into the database as it is. > Now, if the > user enters "'" the above preg_replace will work but if the > user himself > enters "\'" , during replacing, the '\' introduced is nulled > by the effect > of the preceeding back-slash, and the mysql query becomes > somthing like: > mysq_insert ("insert into students (id, address) values (3, '\\'')"); > > How do I get around this problem? Is there any function which helps > to insert everything into the mysql database as it is (does > auto-escaping).
Couldn't be simpler, just use mysql_escape_string. It escapes a string for use in a mysql_query. -craig > Nirnimesh. > IIIT-Hyd. > India. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php