Code:
function createUser($udate, $sent, $status, $format, $email)
{
    // Escape the only string value; the numeric columns are formatted with %d
    $email = mysql_real_escape_string($email);
    $sql = sprintf('INSERT INTO users VALUES (0, %d, %d, %d, %d, "%s")', $udate, $sent, $status, $format, $email);
    mysql_query($sql);
    return mysql_insert_id();
}

I output the $sql and the following was shown:
Code:
INSERT INTO users VALUES (0, 1193424189, 0, 0, 0, "o\'brien@hotmail.com")

Is it safe to assume that if my SQL statement echoed right before INSERT is escaped, then it's safely being added and I am not seeing slashes in PMA because of some funky server setup in PHP?
Any ideas as to what the heck is going on here?
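
An added example, not part of the original post: a simplified PHP model of how MySQL reads a quoted string literal under the default sql_mode, applied to the literal from the echoed statement above. It shows that the backslash belongs to the SQL text and is consumed when the literal is parsed, so the stored value carries none. `decode_mysql_literal()` is a hypothetical helper, not a PHP or MySQL function.

```php
<?php
// Added example: simplified model of MySQL's string-literal parsing under the
// default sql_mode (NO_BACKSLASH_ESCAPES not set).
// decode_mysql_literal() is a hypothetical helper, not a PHP or MySQL API.
function decode_mysql_literal(string $literal): string
{
    $quote = $literal[0] ?? '';
    if (strlen($literal) < 2 || ($quote !== '"' && $quote !== "'")
        || substr($literal, -1) !== $quote) {
        throw new InvalidArgumentException('not a quoted string literal');
    }
    $body = substr($literal, 1, -1);
    $map = ['0' => "\0", 'b' => "\x08", 'n' => "\n", 'r' => "\r",
            't' => "\t", 'Z' => "\x1a"];
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        $c = $body[$i];
        if ($c === '\\') {
            if (++$i >= $n) {
                throw new InvalidArgumentException('dangling backslash');
            }
            $next = $body[$i];
            // \% and \_ keep their backslash; any other \x yields x
            $out .= ($next === '%' || $next === '_')
                ? '\\' . $next
                : ($map[$next] ?? $next);
        } elseif ($c === $quote) {
            // The quote character may appear in the body only when doubled
            if (($body[$i + 1] ?? '') !== $quote) {
                throw new InvalidArgumentException('unescaped quote');
            }
            $out .= $quote;
            $i++;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

// Constructed input: the literal exactly as it appears in the echoed statement
$literal = <<<'SQL'
"o\'brien@hotmail.com"
SQL;

$stored = decode_mysql_literal($literal);
var_dump($stored === "o'brien@hotmail.com"); // compare with the unescaped address
echo $stored, PHP_EOL;
```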