Re: [Christopherb] Comments
Hi,
We normally use the mysql_escape function.
For example, an insert statement might look like this:
$query = "INSERT INTO `{$TABLE_PREFIX}articles` SET
createdDate = NOW(),
updatedDate = NOW(),
createdByUserNum = '".intval(@$CURRENT_USER['num'])."',
updatedByUserNum = '".intval(@$CURRENT_USER['num'])."',
title = '".mysql_escape(@$_REQUEST['title'])."',
content = '".mysql_escape(@$_REQUEST['content'])."'";
mysqlStrictMode(false);
mysql_query($query) or die ("Mysql Error: ".mysql_error()."<br/>\n");
Hope this helps get you started
---------------------------------------------------
Jason Sauchuk - Project Manager
interactivetools.com
Hire me! Save time by getting our experts to help with your project.
http://www.interactivetools.com/consulting/