
pro_php thread: SV: making sql queries safe


Message #1 by "Datatal AB - Gauffin, Jonas" <jonas@d...> on Tue, 17 Dec 2002 16:03:32 +0100
> No need to escape strings if magic_quotes is enabled.
> If not, just use addslashes, stripslashes.
> For mysql use mysql_escape.
> 

I'm trying to create a generic function that you 
can pass an _entire_ query (as one string) into
(one that works whether magic quotes are on or off).

Example query..

	insert into user ('john's', 'password')

If you add slashes, as you suggest, you would get..

	insert into user (\'john\'s\', \'password\')

But what it needs to be is..

	insert into user ('john\'s', 'password')

I know that you can addslashes to the _individual_ 
values as you are _building_ the query... I am trying 
to work with the 'built' query as a whole. 

Hence the use of regular expressions..

Try the sample code I submitted and you will see 
what I mean.

Cheers,
Justin :)
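The two escaping strategies compared in this message, as an added example that is not part of the thread: a Python port of PHP's addslashes() applied to the finished query reproduces the mangled form above, escaping each value before building the query gives the intended form, and a third function shows why a built query cannot be escaped after the fact (two different value sets produce the same string). The sqlite3 in-memory table and its column names are assumptions for the placeholder-based alternative.

```python
import sqlite3

# Constructed sample values; the user name contains an apostrophe, as in the thread.
USER, PASSWORD = "john's", "password"

def addslashes(s: str) -> str:
    """Python port of PHP's addslashes(): backslash-escape ' " \\ and NUL."""
    return "".join("\\" + c if c in "'\"\\\x00" else c for c in s)

def escape_whole_query(user: str, password: str) -> str:
    """Build the query first, then escape the finished string.
    Every quote, including the delimiters, gets a backslash."""
    query = "insert into user ('%s', '%s')" % (user, password)
    return addslashes(query)

def escape_each_value(user: str, password: str) -> str:
    """Escape each value on its own before it is interpolated.
    Only the apostrophe inside the data is escaped."""
    return "insert into user ('%s', '%s')" % (addslashes(user), addslashes(password))

def built_query_is_ambiguous() -> bool:
    """Once values are interpolated, the string no longer records where
    one value ends and the next begins, so no regex can recover that."""
    two_values = "insert into user ('%s', '%s')" % ("a", "b")
    one_value = "insert into user ('%s')" % "a', 'b"
    return two_values == one_value

def insert_with_placeholders(user: str, password: str) -> tuple:
    """Let the driver bind the values; the application escapes nothing.
    Assumed schema: an in-memory sqlite3 table user(name, password)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (name text, password text)")
    conn.execute("insert into user (name, password) values (?, ?)", (user, password))
    return conn.execute("select name, password from user").fetchone()

if __name__ == "__main__":
    print(escape_whole_query(USER, PASSWORD))   # the mangled form
    print(escape_each_value(USER, PASSWORD))    # the intended form
    print("ambiguous:", built_query_is_ambiguous())
    print("stored:", insert_with_placeholders(USER, PASSWORD))
```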
