want to escape ' and " - CP Web Hosting

stargate · #1 (**permalink**) 06-28-2007, 09:47 AM

I want to escape ' and ". I can't figure out how to do this.
I guess the easiest way is to just add a \ to them, but how to do that?
BTW this is to stop some innocent SQL injection on my site.

getpfunky · #2 (**permalink**) 06-28-2007, 09:50 AM

Quote:

Originally Posted by stargate

I want to escape ' and ". I can't figure out how to do this.
I guess the easiest way is to just add a \ to them, but how to do that?
BTW this is to stop some innocent SQL injection on my site.

You can use the function addslashes() to escape all of the " and ' characters.

stevon · #3 (**permalink**) 06-28-2007, 09:51 AM

The proper way to prevent SQL injection is to use parameterised queries.

tertius · #4 (**permalink**) 06-28-2007, 09:54 AM

also try this

Code:

<?php
$value = stripslashes($value);
// to strip the slash.
$value = mysql_real_escape_string($value);
// to add slash.
?>

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode