I have a class method that does one thing and one thing only. Escape characters before going to the DB. Part of it is ->
if (!get_magic_quotes_gpc())
{
    $string = pg_escape_string( $string );
}
return "'" . $string . "'";
In everyday get/post operation it seems to work flawlessly.
I've come across a situation where I'm parsing an XML file to insert into the DB.
The content needed to be escaped, so I modified the above to ->
if (!get_magic_quotes_gpc() || !get_magic_quotes_runtime())
{
    $string = pg_escape_string( $string );
}
return "'" . $string . "'";
And the XML data is escaped correctly for DB insertion.
Now going back to my everyday get/post operation, the code is broken somehow, as content
that is not normally escaped is escaped, and is breaking stuff, like serialized data in the DB.
Is the above code valid for escaping characters in get/post/cookie and external data operation?
Can they be safely used together as in my example above? (Where if one condition doesn't meet, and the other does, escape characters).
Or there may be something else in my code that is messing things up.
Any pointers/experience would be greatly appreciated. Thanks
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
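
Added example (not part of the original post or the poster's class): how the two conditions quoted above behave when magic_quotes_gpc is on and magic_quotes_runtime is off, next to a hypothetical per-source check. The settings are passed in as booleans and addslashes() stands in for pg_escape_string(); both are assumptions so the script runs without a database.

```php
<?php
// Added illustration, not the poster's class. The two magic-quotes settings are
// passed in as booleans (assumption) rather than read from get_magic_quotes_gpc()
// and get_magic_quotes_runtime(), and addslashes() stands in for
// pg_escape_string() (assumption) so the script runs without a database.

// Condition in the original method.
function escapeOriginal(bool $gpc, bool $runtime): bool
{
    return !$gpc;
}

// Condition in the modified method.
function escapeModified(bool $gpc, bool $runtime): bool
{
    return !$gpc || !$runtime;
}

// Hypothetical alternative: consult only the setting that applies to the
// channel the value arrived through ('gpc' or 'external').
function escapeBySource(string $source, bool $gpc, bool $runtime): bool
{
    return $source === 'gpc' ? !$gpc : !$runtime;
}

function quote(string $value, bool $escape): string
{
    return "'" . ($escape ? addslashes($value) : $value) . "'";
}

// Constructed sample under magic_quotes_gpc = On, magic_quotes_runtime = Off.
$gpc = true;
$runtime = false;
$samples = [
    'gpc'      => addslashes("O'Brien"), // request value, already escaped by PHP
    'external' => "O'Brien",             // value read from a file, untouched
];

foreach ($samples as $source => $value) {
    printf(
        "%-8s original=%s modified=%s by-source=%s\n",
        $source,
        quote($value, escapeOriginal($gpc, $runtime)),
        quote($value, escapeModified($gpc, $runtime)),
        quote($value, escapeBySource($source, $gpc, $runtime))
    );
}
```

In the gpc row the modified condition adds a second layer of escaping to a value PHP has already escaped; in the external row the original condition leaves the quote unescaped.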