addslashes()

On Sun, 17 Nov 2002, Peter Beckman wrote:

> Having a little trouble doing some inserts into a db.
>
> The problem is escaping the right characters.  Data integrity is important.
>
> Right now, I have taken an email and split it into $body and $header
> (containing the respective parts of the email) using my own parsing loop.
> Fairly simple, it doesn't really need to be posted.
>
> Before running dcc on it (see http://www.rhyolite.com/anti-spam/dcc/ if you
> want to know more), I escape the quotes:
>
>    $all2 = preg_replace("/\"/","\\\"",$header."\n".$body);
>    $cmd = 'echo "'.$all2.'" | dccproc -C';
>    $output = `$cmd`;
>
> That works great.  Does what I want it to do, at least I think it does.
>
> The larger problem comes later -- the insert:
>
>     $body = preg_replace("/\/","\\\\",$body);
>     $body = preg_replace("/\"/","\\\"",$body);
>     $x = db_query("insert into body (submitter,md5,fuz1,fuz2,body) values
>                  
>(1,'{$dcc['Body']['md5']}','{$dcc['Fuz1']['md5']}','{$dcc['Fuz2']['md5']}',\"{$body}\")");
>
> Now this works great for a good amount of emails.  I was just escaping the
> double quotes, but then I found a case where an email had in the actual
> email a backslash before the quote, so I added the first regex as well.
> But then I start running into problems:
>
>  Syntax error: EOF in backquote substitution
>
> or
>
>  <b>Warning</b>:  No ending delimiter '/' found in 
><b>/home/beckman/public_html/work/spamtracker/stlib.inc</b> on line <b>45</b><br />
>
>  line 45:           $body = preg_replace("/\/","\\\\",$body);
>
> I truly suck at regexs, and for the life of me I haven't been able to teach
> them to myself.  If anyone can't point me in the right direction, I think
> this is easily solved with a better regex than what I have.
>
> Why not just use addslashes()?  addslashes will escape the single quote,
> and it will persist through the insert, which cannot happen (need to be
> able to prove the md5 hashes generated by DCC is accurate, and adding
> slashes in the wrong place will screw that up).
>
> What's the answer?  addslashes then remove the single-quoted-slashes?
>
> Thanks for the help.
>
> Peter
> ---------------------------------------------------------------------------
> Peter Beckman            Systems Engineer, Fairfax Cable Access Corporation
> [EMAIL PROTECTED]                             http://www.purplecow.com/
> ---------------------------------------------------------------------------
>
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to