Mega Code Archive
Mysql escape string
A big hole in PHP's mysql support: the lack of mysql_escape_string function. Wondered what
the easiest way of taking any zero-terminated string (i.e. one with single/double quotes,
commas, special chars) and putting it in an SQL statement so it ALWAYS WORKS? Use this
version of mysql_escape_string; based on the formal MySQL escape charater definition found
at www.mysql.com.
Example :
========
//put any chars you like in $un and $pw
$sql=sprintf("insert into users (username, password) values(\"%s\",\"%
s\")",mysql_escape_string($un), mysql_escape_string($pw));