Re: mysql and serialized php objects?Q

From: Pedro Graca (hexkid_at_hotpop.com)
Date: 03/09/04

• Next message: Andreas Rueckert: "Re: PHP compiler"
• Previous message: Dave White: "Re: Document Library"
• In reply to: PeterF: "mysql and serialized php objects?Q"
• Next in thread: Jochen Daum: "Re: mysql and serialized php objects?Q"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 9 Mar 2004 19:51:02 GMT

PeterF wrote:
> following problem: I use a mysql query string like
>
> $arg= " insert into ".$sometable;
> $arg.=" (id, col1) ";
> $arg.="values ( '$this->id', '$data' ) ";
> ^^^^^
> $data is a product of serialize($some_object)

Well, addslashes() to it, or mysql_escape_string() it

$data = addslashes($data);

/* OR */

$data = mysql_escape_string($data);

before building the sql query string.

-- 
            --= my mail box only accepts =--
            --= Content-Type: text/plain =--
            --=  Size below 10001 bytes  =--

---

• Next message: Andreas Rueckert: "Re: PHP compiler"
• Previous message: Dave White: "Re: Document Library"
• In reply to: PeterF: "mysql and serialized php objects?Q"
• Next in thread: Jochen Daum: "Re: mysql and serialized php objects?Q"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)