Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Chris
Niel Archer wrote:
> > I prefer PHP Data Objects http://in3.php.net/manual/en/book.pdo.php to
> > addslashes and mysql_real_escape_string
>
> I prefer PDO myself. However, it is not necessarily safer. When using prepared statements the parameters are automatically escaped similar to mysql(i)_real_escape_

Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Niel Archer
> I prefer PHP Data Objects http://in3.php.net/manual/en/book.pdo.php to
> addslashes and mysql_real_escape_string

I prefer PDO myself. However, it is not necessarily safer. When using prepared statements the parameters are automatically escaped similar to mysql(i)_real_escape_string, if my read

Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread kranthi
I prefer PHP Data Objects http://in3.php.net/manual/en/book.pdo.php to addslashes and mysql_real_escape_string

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Chris
Manu Gupta wrote:
> You can also use addslashes

No, you can't.

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

good reasons why addslashes is the wrong thing to use.

--
Postgresql & php tutorials
http://www.designmagick.com/

Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Manu Gupta
You can also use addslashes

On Mon, Jul 27, 2009 at 11:46 PM, Niel Archer wrote:
> > Hi,
> >
> > I have a form in which my sales reps can add new clients into the database,
> > but I'm running into a problem if the client's name includes a single quote,
> > such as O'Henry, when it c

Re: [PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Niel Archer
> Hi,
>
> I have a form in which my sales reps can add new clients into the database,
> but I'm running into a problem if the client's name includes a single quote,
> such as O'Henry, when it comes time to input the form data into the database
> table. I'm guessing I need to use ereg_repla

[PHP-DB] Single Quotes in Form Inputs

2009-07-27 Thread Ben Miller
Hi, I have a form in which my sales reps can add new clients into the database, but I'm running into a problem if the client's name includes a single quote, such as O'Henry, when it comes time to input the form data into the database table. I'm guessing I need to use ereg_replace, or something