On Oct 30, 2006, at 9:19 AM, Stut wrote:

Ed Lazor wrote:
It looks like you guys are coming up with some cool solutions, but I have a question. Wasn't the original purpose of this thread to prevent sql injection attacks in input from user forms? If so, wouldn't mysql_real_escape_string be an easier solution?

Me thinkie nottie. From the OP...

"I need to remove the noise words from a search string."

You sure?  This is what they said originally:

"Nothing else is relevant, but $searchQuery will get passed to the database, so it should be protected from SQL injection. That's why I want to remove characters such as quotes, dashes, and the equals sign."

Maybe that doesn't account for all of the extra words they're trying to remove... dunno, thus my question.


However, until the OPer accepts that people are right when they say you can't append strings to an array it's never going to work. Every bit of sample code posted retains the following line of code rather than fixing it according to several other previous posts...

"^".$noiseArray."$"

Happy happy joy joy, oh look, the spring's broken. Doing!!

Persistence is a virtue? hehe


-Stut (slightly drunk, but feeling generally good about the world)

Heeeeeeeeeeeey. That's not fair. No bragging unless you plan on sharing :)

-Ed

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to