From: | "Christopher Kings-Lynne" <chriskl(at)familyhealth(dot)com(dot)au> |
---|---|
To: | "arun kv" <arun(at)library(dot)iisc(dot)ernet(dot)in>, "PGSQL" <pgsql-php(at)postgresql(dot)org> |
Subject: | Re: insert a special character |
Date: | 2002-03-28 05:15:41 |
Message-ID: | GNELIHDDFBOCMGBFGEFOMEOICBAA.chriskl@familyhealth.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
You need to go:
addSlashes($strexp) on the string before inserting it.
This will replace all 's and "s with \' and \"
You open up a massive security hole in your database if you're not
addSlashing every value that goes in...
Chris
> -----Original Message-----
> From: pgsql-php-owner(at)postgresql(dot)org
> [mailto:pgsql-php-owner(at)postgresql(dot)org]On Behalf Of arun kv
> Sent: Thursday, 28 March 2002 1:19 PM
> To: PGSQL
> Subject: [PHP] insert a special character
>
>
> hello,
> I have a string with ' this symbol in the middle of the text
> example:-
> " that book belong to rahul's sister"
>
> this string is to be stored in the variable "$strexp"
> when I am inserting this variable in database table
> following error apperes
>
>
> " parse error at or near "s" "
>
> How can I read the string and store in a variable and insert the same
> into the database table ?
>
> thanks in advance ,
> with regards,
> Arun
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
> (send "unregister YourEmailAddressHere" to majordomo(at)postgresql(dot)org)
>
From | Date | Subject | |
---|---|---|---|
Next Message | Chris | 2002-03-28 05:16:27 | Re: insert a special character |
Previous Message | Jean-Michel POURE | 2002-03-27 07:54:28 | Re: php oracle |