Some time ago I introduced a SQL heredoc in PHP. Why not use this:
…
$query = <<<SQL
SELECT * FROM `users` WHERE `foo` = {$bar};
SQL;
…
It will color the SQL according to the SQL syntax and let PHP substitute the variables as specified here: http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
I'd also advise using a function like this to quote/escape your SQL data:
function quote_smart($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Quote if not numeric
    if (!is_numeric($value)) {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
Soryu
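Added example, not part of the original message: the same SQL heredoc with a bound placeholder in place of {$bar}, shown beside the interpolated form, so the value never becomes part of the SQL text. PDO with an in-memory SQLite database, the function names find_by_foo and find_by_foo_interpolated, and the sample rows are assumptions made for illustration.

```php
<?php
// Added example; PDO + in-memory SQLite are assumptions so it runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and rows.
$pdo->exec('CREATE TABLE `users` (`id` INTEGER PRIMARY KEY, `foo` TEXT)');
$pdo->exec("INSERT INTO `users` (`foo`) VALUES ('O''Brien'), ('Smith')");

/** Hypothetical helper: look up users by `foo` with a bound parameter. */
function find_by_foo(PDO $pdo, $bar): array
{
    // The heredoc still gets SQL highlighting; :foo is a placeholder,
    // not PHP interpolation, so $bar is sent as data only.
    $query = <<<SQL
SELECT `id`, `foo` FROM `users` WHERE `foo` = :foo;
SQL;
    $stmt = $pdo->prepare($query);
    $stmt->execute([':foo' => $bar]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Hypothetical helper: the value interpolated into the heredoc, unquoted. */
function find_by_foo_interpolated(PDO $pdo, $bar): array
{
    $query = <<<SQL
SELECT `id`, `foo` FROM `users` WHERE `foo` = {$bar};
SQL;
    return $pdo->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

$bar = "O'Brien"; // constructed input containing a quote character

try {
    find_by_foo_interpolated($pdo, $bar);
    echo "interpolated: ok\n";
} catch (PDOException $e) {
    // The value was parsed as SQL text, so the statement no longer parses.
    echo "interpolated: query failed\n";
}

$rows = find_by_foo($pdo, $bar);
echo "bound: ", count($rows), " row(s)\n";
```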
On 06.03.2006, at 08:55, Quinn Comendant wrote:
Anybody wish to help me with a pattern for the PHP language bundle? I have embedded SQL under a variable such as below. I'm having trouble excluding the addslashes part from the scope.