Questions on regular PHP expressions and such

neXGen

Hey guyes (and girls. 😉)

Got a few questions I'd like answered if it wasnt to much of a hassle!

How do you close the connection youve made to a SQL server?

How do you change " to \" and other "dangerous to php" signs before a form is put into the SQL database?

Think thats it! Ill fill in more stuff if I come up with em!

Regards

frigidman

1) mysql_close()

http://www.php.net/manual/en/function.mysql-close.php

Usually not needed, as it auto-closes at the end of a php execution.

2) addslashes()

http://www.php.net/manual/en/function.addslashes.php

Do this to any variable you wish to put into a sql query, like so:

$name_q = addslashes($name);
$sql = "INSERT INTO table SET name='$name_q'";

$sql = "INSERT INTO table SET name='".addslashes($name)."'";

Also keep in mind, if you have magic_quotes on, incoming vars will already have "addslashes" done to them. But if you have magic_quotes off in your php.ini, then you should do "addslashes" to pretty much anything you put into a sql query string.

Personally I think its far easier to deal with slashes when you NEED to deal with them (sql queries) than to have that crap magic_quotes turned on to where you then have to use MANY more "stripslashes()" functions instead.

PS: to the nit picky SOBs who might nit pick my post... I said "pretty much" anything... I didnt say "EVERYTHING"... so go jump in a frelling lake.

neXGen

Thanks for your help fridgid!
Helped me out a lot! 😃