You don't need to escape HTML characters. In fact, doing that will give
you incorrect results because the escaped string will never match.
HTML escaping will convert HTML special chars (< > & " ') into
entities, but what you want is adding backslashes to the characters
that are illegal in the query.
So, I think you just need to use addslashes:

$this->Classified->findCount("Classified.text = '" . addslashes($ad->text) . "' AND Classified.editions = '$ad->editions'");

On Feb 27, 10:03 pm, "Christopher E. Franklin, Sr."
<[EMAIL PROTECTED]> wrote:
> Hrmm, I seem to have fixed it.
>
> The first time I tried this code, before I posted, it didn't work but,
> now it does. Maybe I had a typo. /shrug
>
> Here is what I changed:
> [...]
> $this->xmlID = $this->Classified->getNumRows();
> ++$this->xmlID;
> [...]
> $this->matchResult = $this->Classified->findCount("text = '".$this->MrClean->sql($this->MrClean->html($ad->text))."' AND editions = '".$ad->editions."'");
> [...]
> $this->data['Classified']['text'] =
> $this->MrClean->sql($this->MrClean->html($ad->text));
>
> [...]
>
> My conclusion is that the sanitize->sql() really doesn't help if you
> have any html characters in your text.
> So, I convert the special characters using html() and then escape with
> sql().
> I do the same thing on insert so, when I match the text, it should
> compare exactly. There are a few snags. Some ads get by but, I can live
> with it. I will just use strip slashes and html_special_chars
> functions to convert the text back to my original HTML formatted.
>
> Sorry for the bother and long posts