At 9:46 PM -0700 6/27/1999, Ed Lazor wrote:
>Hi :)
>
>I'm really new to this MySQL stuff so please forgive me if this is a looser
>question...
>
>I created a web page with a form to enter data into the database... and it
>works... accept for
>when someone enters some data into a text field that has the character '
>I have no idea
>why it's doing that but was hoping someone here might have an idea... umm..
>any ideas?
>
>Do I just need to tell people not to use that character? Do I have to
>filter the input for
>valid information?
Depends on how you're processing the form:
C - use mysql_escape_string()
Perl DBI - use $dbh->quote()
PHP - use addslashes()
or are you using something else?
--
Paul DuBois, paul@stripped
Northern League Chronicles: http://www.snake.net/nl/
