I will try that as well. I thought that's what the sanitize->sql() did.
Maybe I am mistaken.
On Feb 27, 6:22 pm, "bernardo" <[EMAIL PROTECTED]> wrote:
> You don't need to escape html characters. In fact doing that will give
> you incorrect results because the escaped string will never match.
> Html escaping will convert html special chars (< > & " ') into
> entities, but what you want is adding backslashes to the characters
> that are illegal in the query.
>
> So, I think you just need to use addslashes:
>
> $this->Classified->findCount("Classified.text = '" . addslashes($ad->text) .
>     "' AND Classified.editions = '$ad->editions'");
>
> On Feb 27, 10:03 pm, "Christopher E. Franklin, Sr." <[EMAIL PROTECTED]> wrote:
> > Hrmm, I seem to have fixed it.
>
> > The first time I tried this code, before I posted, it didn't work but,
> > now it does. Maybe I had a typo. /shrug
>
> > Here is what I changed:
> > [...]
> > $this->xmlID = $this->Classified->getNumRows();
> > ++$this->xmlID;
> > [...]
> > $this->matchResult = $this->Classified->findCount("text = '" .
> >     $this->MrClean->sql($this->MrClean->html($ad->text)) .
> >     "' AND editions = '" . $ad->editions . "'");
> > [...]
> > $this->data['Classified']['text'] =
> > $this->MrClean->sql($this->MrClean->html($ad->text));
>
> > [...]
>
> > My conclusion is that the sanitize->sql() really doesn't help if you
> > have any html characters in your text.
> > So, I convert the special characters using html() and then escape with
> > sql().
> > I do the same thing on insert so, when I match the text, it should
> > compare exactly. There are a few snags. Some ads get by but, I can live
> > with it. I will just use strip slashes and html_special_chars
> > functions to convert the text back to my original HTML formatted.
>
> > Sorry for the bother and long posts
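
An added example, not part of the original thread and not CakePHP's own code: the insert and the duplicate check from the discussion above done with bound parameters through PDO, so the ad text is stored and compared unmodified and no addslashes() or html() step is involved. It assumes the pdo_sqlite extension is available; the table, column names and sample ad are constructed for illustration.

```php
<?php
// Added example: constructed schema and sample data, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classifieds (id INTEGER PRIMARY KEY, text TEXT, editions TEXT)');

// Constructed ad text containing an apostrophe and HTML special characters,
// the two things the thread is trying to handle.
$adText   = "<b>Bob's</b> bikes & parts";
$editions = 'A,B';

// Insert: the raw text is bound as a parameter, so the driver handles quoting
// and the stored value is exactly what was submitted.
$insert = $db->prepare(
    'INSERT INTO classifieds (text, editions) VALUES (:text, :editions)'
);
$insert->execute([':text' => $adText, ':editions' => $editions]);

// Duplicate check: the candidate text is bound the same way as on insert.
function countMatches(PDO $db, string $text, string $editions): int
{
    $stmt = $db->prepare(
        'SELECT COUNT(*) FROM classifieds WHERE text = :text AND editions = :editions'
    );
    $stmt->execute([':text' => $text, ':editions' => $editions]);
    return (int) $stmt->fetchColumn();
}

// The raw text finds the stored row even though it contains an apostrophe.
printf("raw text matches: %d\n", countMatches($db, $adText, $editions));

// The HTML-escaped form is a different string, so it does not match a row
// that was stored raw. This is the mismatch described in the first reply.
$escaped = htmlspecialchars($adText, ENT_QUOTES, 'UTF-8');
printf("html-escaped text matches: %d\n", countMatches($db, $escaped, $editions));

// What comes back out is the original text, with no slashes to strip.
$stored = $db->query('SELECT text FROM classifieds')->fetchColumn();
printf("stored unchanged: %s\n", $stored === $adText ? 'yes' : 'no');
```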