addslashes/mysql_real_escape_string

#21 (permalink)
03-30-2008
Gabest
Re: addslashes/mysql_real_escape_string

> mysql_real_escape_string() is not meant to be taking objects. It
> requires a string. If you want to do this, you need a __tostring()
> method in your class to convert to a string.
>
> Or, if you want to bring it back out into a string later, you should
> first serialize() the object, then after retrieval, unserialize() it.


This is not my class, SimpleXMLElement is an inbuilt class of php. You
can read an xml file into a variable and say "echo $xml->person->name",
it will interpret it as a string and does not leak any memory.

If one function lets you rely on autocasting the other does not, then
php becomes a mine field for the programmer, or __tostring() can be
declared a broken idea.
#22 (permalink)
03-31-2008
Jerry Stuckle
Re: addslashes/mysql_real_escape_string

Gabest wrote:
>> mysql_real_escape_string() is not meant to be taking objects. It
>> requires a string. If you want to do this, you need a __tostring()
>> method in your class to convert to a string.
>>
>> Or, if you want to bring it back out into a string later, you should
>> first serialize() the object, then after retrieval, unserialize() it.
>
> This is not my class, SimpleXMLElement is an inbuilt class of php. You
> can read an xml file into a variable and say "echo $xml->person->name",
> it will interpret it as a string and does not leak any memory.
>
> If one function lets you rely on autocasting the other does not, then
> php becomes a mine field for the programmer, or __tostring() can be
> declared a broken idea.


Makes no difference. mysql_real_escape_string() should be used for
STRINGS, not objects. Results in the latter case are unpredictable.

If you want to store an object of the simplexml class in your database,
you should derive your own class from it and implement the __tostring()
method. Or serialize the object and store it.

__tostring() is not meant to be a replacement for serialize().

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
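
An added example, not part of either post above: one way to avoid handing a SimpleXMLElement to an escaping function is to convert it to a string explicitly and bind that string as a query parameter. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) in place of the mysql_* functions discussed in the thread; the XML document, table and column names are constructed for illustration.

```php
<?php
// Constructed sample document; the name contains quote characters on purpose.
$xml = simplexml_load_string(
    '<people><person><name>O\'Brien "Bob"</name></person></people>'
);

// Property access on SimpleXML returns an object, not a string.
$node = $xml->person->name;
var_dump($node instanceof SimpleXMLElement);

// Convert explicitly, and decide which representation is being stored.
$name   = (string) $node;   // text content of the element
$markup = $node->asXML();   // the element serialized as XML markup

// Assumption: pdo_sqlite is available; any PDO driver works the same way.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE person (name TEXT NOT NULL, raw_xml TEXT NOT NULL)');

// Bound parameters travel separately from the SQL text, so the quotes in
// the name need no manual escaping.
$stmt = $pdo->prepare(
    'INSERT INTO person (name, raw_xml) VALUES (:name, :raw_xml)'
);
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->bindValue(':raw_xml', $markup, PDO::PARAM_STR);
$stmt->execute();

// Read the row back and confirm both values round-trip unchanged.
$row = $pdo->query('SELECT name, raw_xml FROM person')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $name, $row['raw_xml'] === $markup);

// The stored markup can be turned back into an element when needed.
$restored = simplexml_load_string($row['raw_xml']);
var_dump((string) $restored === $name);
```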
