On Tue, May 25, 1999 at 09:26:19AM +0000, Sandrine C. wrote:
> A question : How do i insert BLOB ( big text area isnt it??).
> imagine they put a " or a '... or do i have to check all the
> text to be sure sucha character isnt here!, after inserting
> it?
A BLOB is not really a big text area. It's a big area, which
may hold any kind of data - text, pictures, executables, or
even random junk.
You have to escape the '. PHP provides an escape function to do
just that for you. The " character is not special in normal SQL,
but MySQL lets you use it instead of ' as a string delimiter. If
you do that, you'll need to escape them. The manual has all of
the info you need. Please, if you can't understand the manual,
do tell us what is wrong with it; don't ask the questions that are
fully covered there.
PLEASE note: this is NOT just for BLOBs. You NEED to be escaping
ANY data you insert, if there is the slightest chance that it
may have a special character in it. Basically, if you're getting
data from a user:
IF it's a char-type field (char/varchar/text/blob)
escape the data
ELSE
make sure it's in the right format (date/int/float) or
reject it
Tim
