Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming escape_str in mysql
escape_str in mysql
  • El Forum
    Guest
  •  
#1
09-24-2007, 08:46 AM

[eluser]displaynone[/eluser]
I have been looking for a similar bug, but I don't find it, so I decide to write a new one.
When I try to escape a string using escape_str function, I get incorrect results.
For example:
Code:
$query = $this->db->query('insert into table values (?, ?)', array('value1', 'value2 /\/\/\'));
The query result is:
Code:
insert into table values ('value1', 'value2 /\/\/\')
The error is in the last slash & quote.

The escape_str function is this:
Code:
function escape_str($str)    
{    
  // Escape single quotes
  return str_replace("'", "''", $str);
}
Why do you do this way if exists the function mysql_escape_string?

Thanks for your time and sorry for my english


Messages In This Thread
escape_str in mysql - by El Forum - 09-24-2007, 08:46 AM
escape_str in mysql - by El Forum - 09-24-2007, 09:33 AM
escape_str in mysql - by El Forum - 09-24-2007, 10:42 AM



Theme © iAndrew 2016 - Forum software by © MyBB