List: General Discussion
From: Thimble Smith
Date: May 25 1999 7:24pm
Subject: Re: connection to DB + LOAD

On Tue, May 25, 1999 at 09:26:19AM +0000, Sandrine C. wrote:
> A question: How do I insert a BLOB (big text area, isn't it??).
> Imagine they put a " or a '... or do I have to check all the
> text to be sure such a character isn't here, after inserting
> it?

A BLOB is not really a big text area.  It's a big area, which
may hold any kind of data - text, pictures, executables, or
even random junk.

You have to escape the '.  PHP provides an escape function to do
just that for you.  The " character is not special in normal SQL,
but MySQL lets you use it instead of ' as a string delimiter.  If
you do that, you'll need to escape them.  The manual has all of
the info you need.  Please, if you can't understand the manual,
do tell us what is wrong with it; don't ask the questions that are
fully covered there.

PLEASE note: this is NOT just for BLOBs.  You NEED to be escaping
ANY data you insert, if there is the slightest chance that it
may have a special character in it.  Basically, if you're getting
data from a user:

    IF it's a char-type field (char/varchar/text/blob)
        escape the data
    ELSE
        make sure it's in the right format (date/int/float) or
        reject it

Tim
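
The rule in the message above, as an added Python example that is not part of the original post: char-type values are escaped for a quoted MySQL string literal, and every other value is checked against its type or rejected. The function names, the `notes` table and the sample values are constructed for illustration; the escape table assumes MySQL's default mode (backslash is the escape character) and an ASCII-compatible connection character set.

```python
import re
from datetime import date

# Escape sequences MySQL accepts inside a quoted string literal
# (assumes the default mode, where backslash is the escape character).
_ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
            "\\": "\\\\", "'": "\\'", '"': '\\"'}
CHAR_TYPES = {"char", "varchar", "text", "blob"}
_INT = re.compile(r"[+-]?[0-9]+")
_FLOAT = re.compile(r"[+-]?([0-9]+\.?[0-9]*|\.[0-9]+)")
_DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")


def escape_string(value: str) -> str:
    """Escape one value so it can sit between the quotes of '...'."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def to_sql_literal(value: str, column_type: str) -> str:
    """Escape char-type data; validate every other type or reject it."""
    if column_type in CHAR_TYPES:
        return "'" + escape_string(value) + "'"
    if column_type == "int" and _INT.fullmatch(value):
        return value
    if column_type == "float" and _FLOAT.fullmatch(value):
        return value
    if column_type == "date" and _DATE.fullmatch(value):
        date.fromisoformat(value)  # ValueError for e.g. 1999-02-30
        return "'" + value + "'"
    raise ValueError(f"rejected {column_type} value: {value!r}")


def build_insert(table: str, row: dict) -> str:
    """row maps column name -> (column_type, raw user input).
    Table and column names come from the developer, never from the user."""
    values = ", ".join(to_sql_literal(v, t) for t, v in row.values())
    return f"INSERT INTO {table} ({', '.join(row)}) VALUES ({values})"


if __name__ == "__main__":
    # Constructed sample input.
    print(build_insert("notes", {"id": ("int", "42"),
                                 "created": ("date", "1999-05-25"),
                                 "body": ("text", 'He said "it\'s fine"')}))
```

In application code the database driver's own escape function or bound parameters do this work; the hand-written table here only shows what that escaping produces.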