RE: [PHP] inserting ´ in a db

2007-10-04 Thread Robert Cummings
On Thu, 2007-10-04 at 10:55 -0700, Warren Vail wrote: > Rob, > > Your opinion would have meant more had you offered a solution. The only > hole that I am aware of is the likelihood that the imbedded query could get > executed accidentally later. > > If the database is mysql, there is finally a m

RE: [PHP] inserting ´ in a db

2007-10-04 Thread Warren Vail
-Original Message- From: Robert Cummings [mailto:[EMAIL PROTECTED] Sent: Thursday, October 04, 2007 10:28 AM To: Warren Vail Cc: 'Yamil Ortega'; php-general@lists.php.net Subject: RE: [PHP] inserting ´ in a db On Thu, 2007-10-04 at 10:18 -0700, Warren Vail wrote: > You need

RE: [PHP] inserting ´ in a db

2007-10-04 Thread Robert Cummings
On Thu, 2007-10-04 at 10:18 -0700, Warren Vail wrote: > You need to escape the single quote, an easy way to do this is to run the > text thru the addslashes() filter. Obviously you can't run your entire > query thru the filter thru the filter because most of your quotes need to be > identified by

RE: [PHP] inserting ´ in a db

2007-10-04 Thread Warren Vail
You need to escape the single quote, an easy way to do this is to run the text thru the addslashes() filter. Obviously you can't run your entire query thru the filter thru the filter because most of your quotes need to be identified by the db. Here is what I do. $query = "insert table1(col1, col

Re: [PHP] inserting ´ in a db

2007-10-03 Thread Aleksandar Vojnovic
Pick one: http://si2.php.net/manual/en/function.htmlentities.php http://si2.php.net/manual/en/function.addslashes.php http://si.php.net/mysql_escape_string Aleksandar Yamil Ortega wrote: Hi list, good day. I have a simple script that inserts text on a mysql table, that has a field named de

Re: [PHP] inserting ´ in a db

2007-10-03 Thread Larry Garfield
On Wednesday 03 October 2007, Tom Swiss wrote: > [EMAIL PROTECTED] (Chris) writes: > > > Everting works fine, except when I try to insert a text that includes a > > > simple quote. > > > > http://www.php.net/mysql_real_escape_string > > I'll see you that and raise you PEAR's database interface

Re: [PHP] inserting ´ in a db

2007-10-03 Thread Tom Swiss
[EMAIL PROTECTED] (Chris) writes: > > Everting works fine, except when I try to insert a text that includes a > > simple quote. > http://www.php.net/mysql_real_escape_string I'll see you that and raise you PEAR's database interfaces: http://pear.php.net/package/DB - especially DB_common:

Re: [PHP] inserting ´ in a db

2007-10-03 Thread Chris
Yamil Ortega wrote: Hi list, good day. I have a simple script that inserts text on a mysql table, that has a field named description and the type is text. Everting works fine, except when I try to insert a text that includes a simple quote. For example Yamil´s car http://www.php.n

RE: [PHP] inserting ´ in a db

2007-10-03 Thread Bastien Koert
There are any number of elements to try htmlspecialchars mysql_real_escape_string addslashes RTFM and see what works best for your situation bastien> From: [EMAIL PROTECTED]> To: php-general@lists.php.net> Date: Thu, 4 Oct 2007 11:44:34 +0900> Subject: [PHP] inserting ´ in a db> > Hi li