Confusion with html entities

Hi

Thank you for your reply, now I am really confused!

Ok its a while since I did the programming side of my website as I have spent the last 18 months doing the content.

I link to my database using:

require_once('connections/conndelete.php');

require_once('connections/connsearch.php');

require_once('connections/connadd.php');

require_once('connections/connupdate.php');

// with the connections details in the connections file

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

}

mysql_select_db($database_connsearch, $connsearch);

$query_reMenuBeds = "SELECT * FROM bedtable";

$reMenuBeds = @ mysql_query($query_reMenuBeds, $connsearch);

$row_reMenuBeds = mysql_fetch_assoc($reMenuBeds);

$totalRows_reMenuBeds = mysql_num_rows($reMenuBeds);

Is the above the depreciated code?

Please could you point me in the direction of some information on the best way to amend my code to the prepared statements and parametrized queries that you mention.

Will I still be able to pull the information from my MySQL database?

This has thrown my completely as I though I was almost ready to go online so please could you point me in the right directions to changing my code with the least changes as in PDO or MysQLi which is the nearest to what I have been doing?

Hope you can help me,

I look forward to your reply,

Thank you in advance

Date: Tue, 6 Nov 2012 15:14:30 -0700

From: forums_noreply@adobe.com

To: linda.barker7@hotmail.com

Subject: Confusion with html entities

Re: Confusion with html entities

created by Rob Hecker2 in Developing server-side applications in Dreamweaver - View the full discussion

It sounds like you are using the deprecated MySQL connection. NO ONE SHOULD BE USING THAT ANY LONGER! Use PDO or MySQLi with prepared statements and parameterized queries to avoid SQL injection attacks. Then you don't have to concern yourself with quotation marks in the data. Of course you must still validate and sanitize, but you don't need to convert the quotes/appostrophes, and no htmlentities needed.

Please note that the Adobe Forums do not accept email attachments. If you want to embed a screen image in your message please visit the thread in the forum to embed the image at http://forums.adobe.com/message/4828130#4828130

Replies to this message go to everyone subscribed to this thread, not directly to the person who posted the message. To post a reply, either reply to this email or visit the message page:

To unsubscribe from this thread, please visit the message page at . In the Actions box on the right, click the Stop Email Notifications link.

Start a new discussion in Developing server-side applications in Dreamweaver by email or at Adobe Community

For more information about maintaining your forum email notifications please go to http://forums.adobe.com/message/2936746#2936746.