On Tue, 26 Jul 2005 09:22:31 +0100, Colin McKinnon
<co**************@andthis.mms3.com> wrote:
Willem-Jan wrote:
I'm a newbie in PHP and MySQL. I'm wondering if there is a standard
combination of functions you should use on variables posted by a form
before you add them to a database. Something like:
$var = trim(addslashes($_POST['test']));
mysql_escape_string()
Yep, or use a library that emulates placeholders, despite MySQL (production
versions, anyway) not supporting them natively - ADOdb is my favourite. The
correct escaping is then done consistently by the library, saving you from
introducing a problem by the one time you forget to use mysql_escape_string().
--
Andy Hassall / <an**@andyh.co.uk> / <http://www.andyh.co.uk>
<http://www.andyhsoftware.co.uk/space> Space: disk usage analysis tool
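
The placeholder approach recommended in the reply above, as an added example that is not part of the original thread. It assumes PHP's PDO with an in-memory SQLite database standing in for MySQL (the thread itself names ADOdb and mysql_escape_string()); `clean_field()` and the sample input are hypothetical.

```php
<?php
// Added example (not from the thread). Assumes PHP with the pdo_sqlite
// extension; an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, test TEXT NOT NULL)');

// Constructed sample form input, standing in for $_POST.
$post = ['test' => "  O'Reilly \\ 100% \"quoted\"  "];

// Hypothetical helper: validation and trimming are kept separate from
// escaping, which is left entirely to the placeholder mechanism.
function clean_field(array $src, string $key, int $maxLen = 255): string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        throw new InvalidArgumentException("missing or non-string field: $key");
    }
    $value = trim($src[$key]);
    if ($value === '' || strlen($value) > $maxLen) {
        throw new InvalidArgumentException("bad length for field: $key");
    }
    return $value;
}

$value = clean_field($post, 'test');

// 1) Concatenation with the escaping call forgotten: the apostrophe ends
//    the string literal early and the statement no longer parses.
try {
    $db->exec("INSERT INTO entries (test) VALUES ('$value')");
    echo "concatenated insert succeeded\n";
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2) Placeholder: the value is bound as data and never spliced into the
//    SQL text, so no per-call escaping step exists to be forgotten.
$stmt = $db->prepare('INSERT INTO entries (test) VALUES (:test)');
$stmt->execute([':test' => $value]);

// Read the row back and compare it with the trimmed input.
$stored = $db->query('SELECT test FROM entries')->fetchColumn();
var_dump($stored === $value);
```

Note that addslashes() is absent: with bound parameters the stored value is exactly the trimmed input, so adding slashes first would store the extra backslashes as data.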