On 02 September 2003 16:45, Craig Cameron wrote:

> Ok simple problem I hope.
> 
> 
> Have the following code, used to store the location and a few
> details about meeting minutes.
> 
> <snip>
>               $connection = mssql_connect("server","user","password");
>               mssql_select_db("DocumentManager",$connection);
> 
>               $AlteredMinutesLocation =
> str_replace("\\","\",$MinutesLocation);
> 
>               $SQL_STRING = "INSERT INTO tblMeetingMinutes
> VALUES('$Date','$Type','$AlteredMinutesLocation','$Centre')";
> 
>               $Result = mssql_query($SQL_STRING,$connection);
>               mssql_close($connection);
> 
> </snip>


This script cannot possibly run -- it should have a parse error.  Due to the
way PHP handles backslashes in literal strings, the function call

   str_replace("\\","\",$MinutesLocation);

has a string containing 1 (one) backslash, and an unterminated string
containing
a double-quote and then everything up to the next double-quote (which is
actually part-way through the next line).

> Problem is the backslashes. When I collect the filepath
> ($Location) it puts \\ into the db. However, when I change
> this it stops dead. Basically due to the escape
> charateristics of the backslash. I can get around this with
> single quotes of course but can't put these in the SQL_STRING
> as it falls down there then!

I'm not sure I exactly follow what you're saying, but yes, there is
definitely a problem caused by the escape characteristics of the \.
However, I'm not sure it's where you think it is.  The problem I can see in
your supplied script is that you haven't properly expressed in the replace()
call strings representing \\ and \.  Since \ is the escape character, every
\ has to be escaped by itself, so the correct way of writing this is:

  $AlteredMinutesLocation = str_replace("\\\\","\\",$MinutesLocation);

(Note that single-quotes make no difference here, as ' (and \ itself, of
course) are just about the only characters escaped by \ in a single-quoted
string!!)

None of this should be relevant to the interpolation of
$AlteredMinutesLocation into $SQL_STRING, since variable interpolation just
inserts whatever is in the variable, without any backslash escaping or other
fancy footwork.

Or another option might be stripslashes().

Cheers!

Mike

---------------------------------------------------------------------
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730      Fax:  +44 113 283 3211 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to