Ryan A wrote:
>
...
> mysql_escape_string does look interesting but that's
> again putting the strain in the script which I am
wtf? that is just plain silly.
btw if you read the following manual page:
http://php.net/mysql_escape_string
it will tell you that that func is deprecated - and that there is
a better alternative: mysql_real_escape_string()
> trying to avoid, may have to do it in the end though.
>
>> .... I guess you have wait till some DW guru in this
> mailing list.
changing " to ' in any given input and/or making that a requirement of
your input routine is a brittle 'solution' - in short it sucks.
what happens when freak/code/user X tries stuffing in a " regardless of
what you have preached/documented/'hoped no-one would do'?
you need a routine that *properly* escapes your data before you
insert it into the database.
>
>> Good luck.
>
> Yep, am waiting here and from some forums, hopefully
> someone will give me a break on this.
which limb? and why the masochism?
> Thanks for the well wishes.
>
as opposed to wishing wells.
--
PHP General Mailing List (http://www.php.net/)
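
The contrast argued in the reply above, as an added example that is not part of the original thread: a quote-swapping input rule next to driver-aware escaping. It assumes PDO with an in-memory SQLite database so it runs without a server, and it uses PDO::quote() and a prepared statement in place of mysql_real_escape_string(), which needs a live MySQL connection; swapQuotes(), lastBody() and the notes table are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database via PDO stands in for MySQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// The input rule criticised above: rewrite every " to ' and hope.
function swapQuotes(string $s): string
{
    return str_replace('"', "'", $s);
}

// Read back the row that was just inserted.
function lastBody(PDO $db): string
{
    $id = (int) $db->lastInsertId();
    return (string) $db->query("SELECT body FROM notes WHERE id = $id")->fetchColumn();
}

// Constructed sample inputs that mix both quote characters.
$inputs = ['a 6" pipe', "O'Brien wrote \"hi\"", 'plain text'];
$bound = $db->prepare('INSERT INTO notes (body) VALUES (?)');

foreach ($inputs as $raw) {
    echo "input: $raw\n";

    // 1. Quote swapping plus concatenation. Assumption: this query delimits
    //    strings with ', as standard SQL does, so the swap creates the break.
    $swapped = swapQuotes($raw);
    try {
        $db->exec("INSERT INTO notes (body) VALUES ('$swapped')");
        echo '  swap:    stored, data ', lastBody($db) === $raw ? 'intact' : 'altered', "\n";
    } catch (PDOException $e) {
        echo "  swap:    query rejected by the database\n";
    }

    // 2. Driver-aware escaping: PDO::quote() escapes and adds the delimiters.
    $db->exec('INSERT INTO notes (body) VALUES (' . $db->quote($raw) . ')');
    echo '  quote(): ', lastBody($db) === $raw ? 'round-trips unchanged' : 'MISMATCH', "\n";

    // 3. Prepared statement: the value never becomes part of the SQL text.
    $bound->execute([$raw]);
    echo '  bound:   ', lastBody($db) === $raw ? 'round-trips unchanged' : 'MISMATCH', "\n";
}
```

Only the plain-text input survives the swap path; the escaped and bound paths store all three inputs byte for byte.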