I am trying to insert email headers read from impap in to a mysql text field. Problem is the headers are full of slashes, commas, quotes, line feeds. mysql_escape doesnt come near it. The different mail server responses can lead to quite different headers. Do i have to do some weird voodoo before storage?
+1
A:
mysql_real_escape_string() should really be all you need:
mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.
are you working with multiple connections? If you are, be sure to add $link_identifier to the call, as defined in the manual.
Pekka
2010-01-31 23:37:31
I am a pillock - mysqlescape string does work just fine. Late nights and commas got me fuzzcooed.
alanski
2010-02-06 00:27:08
A:
Use prepared statements instead of building the query using strings.
See for example here.
Mark Byers
2010-01-31 23:37:48