mysql "make string safe" function

**®ed Eye Media - Richard Grove** · Jul 17 '05, 03:31 AM

Re: mysql "make string safe" function

"/dev/null" <dev.null@Begin Thread.com> wrote in message
news:duqZb.2280 95$U%5.1463692@ attbi_s03...[color=blue]
> Is there a function in php that you can pass a string headed for a mysql
> query and have it make it 'safe'? For example it would escape out the '
> found in the string.
>
> Thanks!
>
>[/color]

addslashes();
RG

**Cameron** · Jul 17 '05, 03:31 AM

Re: mysql "make string safe" function

®ed Eye Media - Richard Grove wrote:[color=blue]
> "/dev/null" <dev.null@Begin Thread.com> wrote in message
> news:duqZb.2280 95$U%5.1463692@ attbi_s03...
>[color=green]
>>Is there a function in php that you can pass a string headed for a mysql
>>query and have it make it 'safe'? For example it would escape out the '
>>found in the string.
>>
>>Thanks!
>>
>>[/color]
>
>
> addslashes();
> RG
>
>[/color]

Nah, don't use addslashes use

mysql_real_esca pe_string($stri ng, $rli);

PHP: mysql_real_escape_string - Manual

http://uk.php.net/manual/en/function.mysql-real-escape-string.php

Escapes special characters in a string for use in an SQL statement

~Cameron

**Cameron** · Jul 17 '05, 03:31 AM

Re: mysql "make string safe" function

Cameron wrote:[color=blue]
> ®ed Eye Media - Richard Grove wrote:
>[color=green]
>> "/dev/null" <dev.null@Begin Thread.com> wrote in message
>> news:duqZb.2280 95$U%5.1463692@ attbi_s03...
>>[color=darkred]
>>> Is there a function in php that you can pass a string headed for a mysql
>>> query and have it make it 'safe'? For example it would escape out the '
>>> found in the string.
>>>
>>> Thanks!
>>>
>>>[/color]
>>
>>
>> addslashes();
>> RG
>>
>>[/color]
>
> Nah, don't use addslashes use
>
> mysql_real_esca pe_string($stri ng, $rli);
>
> http://uk.php.net/manual/en/function...ape-string.php
>
> ~Cameron[/color]

Oh and I should also add that you should do other validation of data as
well, just to be sure.

~Cameron

**Reply via newsgroup** · Jul 17 '05, 03:31 AM

Re: mysql "make string safe" function

/dev/null wrote:
[color=blue]
> Is there a function in php that you can pass a string headed for a mysql
> query and have it make it 'safe'? For example it would escape out the '
> found in the string.
>
> Thanks!
>
>[/color]

Others I see have suggested addslashes() however you may not have to do
this - read into the configuration setting behind get_magic_quote s_gpc()
as it could be that your input is already being escaped...

See the following:

PHP: PHP Options/Info Functions - Manual

http://ca3.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc

PHP Options/Info Functions

PHP: get_magic_quotes_gpc - Manual

http://ca3.php.net/get_magic_quotes_gpc

Gets the current configuration setting of magic_quotes_gpc

PHP: addslashes - Manual

http://ca3.php.net/manual/en/function.addslashes.php

Quote string with slashes

PHP: stripslashes - Manual

http://ca3.php.net/manual/en/function.stripslashes.php

Un-quotes a quoted string