Prev: Installing PHP 5.2 gives PHP warning.
Next: Gantt-charts in PHP?
From: Stut on 6 Mar 2007 02:23
Hartleigh Burton wrote:
> You were in the right area thats for sure. I had a look through where
> the script was ending a bit closer... there is a function i use to make
> the sql query safe for inserts if magic quotes is not on thats something
> like this...
>
> function WalkAddSlashes(&$item, $key) {
> if(!is_array($item)) {
> $item = addslashes($item);
> $item = str_replace("\"",""",$item);
> }
> }

I'm happy you solved your problem, but I think it's worth pointing out
that your function is flawed if the intention is to make the data safe
for inclusion in a MySQL query. Addslashes() doesn't do anywhere near
enough, you should be using mysql_real_escape_string() instead.

-Stut
First  |  Prev  | 
Pages: 1 2 3
Prev: Installing PHP 5.2 gives PHP warning.
Next: Gantt-charts in PHP?