0

dear friend i want to insert a row in orecal which is

insert into employee ('AMIT D'SOZA', 'MANAGER','500')

thorugth php
but there is problem to insert data like 'AMIT D'SOZA'
so i want to restrict "'" (singal quets ) to enter in text fields
plz help me if you have any other solution then plz shere it

3
Contributors
4
Replies
12
Views
3 Years
Discussion Span
Last Post by rtrethewey
-1

You should use mysql_real_escape_string() or mysqli_real_escape_string() on most string data before you store it in a mySQL database. This is especially true for data that comes from forms. Then when you retrieve this data, you can restore it to the original state with stripslashes().

Do some reading on "PHP mySQL security" and you'll get a more complete explanation of all this.

0

You should use mysql_real_escape_string() or mysqli_real_escape_string() on most string data before you store it in a mySQL database.

Although misspelled, he's using Oracle.

0

Thanks. I missed that.

I would expect that there's an equivilent function for Oracle, but in the meantime you could use addslashes(). Best to check for a proper function that protects your database from hackers, of course.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.