Php updating database 4 adult dating

You could just as easily throw a delete or drop statement in there instead of just commenting off the remainder of the sql statement.

mysql_real_escape_string() doesn't show a \ in up to date My SQL or after retrieval to a web page but does in my older My SQL version so I've put stripslashes only into the retrieval code for display on a web page, I don't mind if the \ shows in the database; it's probably should be there for sql injection protection.

In it says for htmlspecialchars ''' (single quote) becomes ''' only when ENT_QUOTES is set.

page=2 Say you wanted to show ten records per page.

You could then get the page variable from the URL using $_GET and then modify the My SQL command so it limits the results ( I haven't tested this, but you may be able to do something similar to this: This should give you a rough place to start, though I imagine it will need some tweaking to make sure the number isn't invalid.

With your example, if someone's name is D'Arcy Wentworth Thompson, (a real name) does that show as D'Arcy Wentworth Thompson in the database or as D\'Arcy Wentworth Thompson and when you view the name on a web page is it D\'Arcy Wentworth Thompson which would look odd?

I've now got my version of a booking form with output to a table on a webpage working as I want.

If all " and ' are converted to " and ' before entering the database, why is there a need for mysql_real_escape_string() if htmlspecialchars or ENT_QUOTES is used? Google has lots of posts that mysql_real_escape_string() is not as good as it makes out to be and in my case it would stop the \ if I just relied on htmlspecialchars like you did originally or ENT_QUOTES to convert ' as well as "?

The up to date My SQL seems to give no problems; the above is just for my old My SQL version.

It was all set up and working before I saw this topic and tried adding mysql_real_escape_string().

Tags: , ,