Michael Widenius wrote:
> >>>>> "Frank" == Frank Piwarski <fpiwarsk@stripped> writes:
> Frank> As always thank you for your most timely reply and informative reply.
> Frank> /f
> The ^^ will not remove the problem, it will only make it more likely!
> Even if you are using ^^, you must still escape '\ !
> Why not simply call:
> mysql_escape_string() after urlSafe ?
Well, one reaspn is that mysql_escape_string() is sort of a black box
for me in that I don't fully understand how to use it.
I would like to better understand how to use mysql_escape_string(). The
closest I have come is to see it used like mysql.escape(string) as in
INSERT INTO certificate VALUES ( '"+MySQL.escape(b)+"', x etc.
but still, to escape ' still has the field delimter recognition problem.
By using a pseudo delimeter, and then restoring it to the correct
syntax, seems to be a good way to get the job done.
What we have decided may work is to use the ^^ in the UPDATE file to
define the field boundries and then escape any ' that we may see on
parse .... BUT ... we will also convert the ^^ to back to ' on the fly,
and then run the UPDATE statement in the normal way.