Possible Duplicate:
Best way to prevent SQL injection in PHP?
MySQL not allowing me to enter Irish surnames without my entering \ before the ' in the form field. What is the best way to prepare the data so the ' is automatically escaped.
Asked
Active
Viewed 37 times
0
-
2Use prepared statements. – Matt Ball Nov 02 '12 at 19:44
-
1Something about 'bobby tables' comes to mind, here... – Andrew Barber Nov 02 '12 at 19:44
-
Most server side languages provide a string `replace` function. – Shmiddty Nov 02 '12 at 19:45
-
can you not use double quotes to build your statement, nullifying the need to escape the single quotes? – Billy Moon Nov 02 '12 at 19:48