Hi,

I have a question about the quote_smart() funtion. There are some variants available, but what they all do is wrap text-strings in quotes:

PHP Code:

function quote_smart($value)
{
$value = stripslashes($value);
if (!is_numeric($value))
$value = "'" . mysql_real_escape_string($value) . "'";
return $value;
} 


Why is this necessary? What if i already have quotes in my query:

PHP Code:

mysql_query("SELECT * FROM table WHERE name='".quote_smart($value)
."'") 


Thanks for explaining.

Matt

Then I suggest you plainly remove the single quotes from your query, because this quote_smart also adds some safety by escaping the string for MySQL.

ok, so it's actually the same quotes as in the query, thats what i needed to know. I am used to putting my quotes in the query, so i can remove this from the quote_smart function. Thanks.