[Web-SIG] JavaScript escape function

Shannon -jj Behrens jjinux at gmail.com
Tue Apr 26 08:02:29 CEST 2005


> I'm trying to show my wife how to get some simple things done with
> PHP, mostly because there are huge reference books she can read and
> follow. 

I suggest "Core PHP", but then that's because I was technical editor ;)

> (It's unfortunate that there are no nice Python solutions I
> can teach her, including my own, but we'll fix that, right?) In the
> example I'm following to construct some SQL, they do:
> 
> $bar = 'some string';
> $baz = 42;
> $query = "INSERT INTO foo VALUES ('$bar', $baz)";
> 
> Are you telling me if $bar contains ' then all hell will break loose?

Yep.  Back when I was doing PHP programming, for some reason we always
created entire queries in this way (instead of using some argument
mechanism), but we made sure to do quoting explicitly.  I've seen "all
hell break loose" when I forgot to do an escape.

Best Regards,
-jj

-- 
I have decided to switch to Gmail, but messages to my Yahoo account will
still get through.
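
Added example, not part of the original message: the quoted INSERT built three ways in Python with an in-memory SQLite database, showing what a quote character in the value does to each. The function names and sample values are constructed for illustration; the table and column names follow the quoted snippet.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE foo (bar TEXT, baz INTEGER)")
    return db

def insert_interpolated(db, bar, baz):
    # Mirrors the quoted PHP: the value is pasted straight into the SQL text.
    db.execute(f"INSERT INTO foo VALUES ('{bar}', {baz})")

def insert_escaped(db, bar, baz):
    # "Quoting explicitly": double every single quote for the string slot and
    # force the numeric slot to an integer. Works, but one forgotten call
    # brings back the interpolated behaviour.
    quoted = bar.replace("'", "''")
    db.execute(f"INSERT INTO foo VALUES ('{quoted}', {int(baz)})")

def insert_parameterized(db, bar, baz):
    # The "argument mechanism": values travel separately from the SQL text,
    # so the driver never parses them as SQL.
    db.execute("INSERT INTO foo VALUES (?, ?)", (bar, baz))

def try_insert(insert, bar, baz):
    """Run one insert against a fresh table; return the rows or the error."""
    db = make_db()
    try:
        insert(db, bar, baz)
    except sqlite3.Error as exc:
        return f"error: {type(exc).__name__}"
    return db.execute("SELECT bar, baz FROM foo").fetchall()

if __name__ == "__main__":
    # Constructed sample values: an ordinary name containing an apostrophe,
    # and a value whose text ends the string literal early.
    samples = ["O'Brien", "x', 999) --"]
    for insert in (insert_interpolated, insert_escaped, insert_parameterized):
        for bar in samples:
            print(insert.__name__, repr(bar), "->", try_insert(insert, bar, 42))
```

With interpolation the first value fails as a syntax error and the second silently stores a different row than the caller asked for; the escaped and parameterized versions store both values verbatim.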

