On 02 September 2003 16:45, Craig Cameron wrote:
> Ok simple problem I hope.
>
>
> Have the following code, used to store the location and a few
> details about meeting minutes.
>
> <snip>
> $connection = mssql_connect("server","user","password");
> mssql_select_db("DocumentManager",$connection);
>
> $AlteredMinutesLocation =
> str_replace("\\","\",$MinutesLocation);
>
> $SQL_STRING = "INSERT INTO tblMeetingMinutes
> VALUES('$Date','$Type','$AlteredMinutesLocation','$Centre')";
>
> $Result = mssql_query($SQL_STRING,$connection);
> mssql_close($connection);
>
> </snip>
This script cannot possibly run -- it should have a parse error. Due to the
way PHP handles backslashes in literal strings, the function call
str_replace("\\","\",$MinutesLocation);
has a string containing 1 (one) backslash, and an unterminated string
containing
a double-quote and then everything up to the next double-quote (which is
actually part-way through the next line).
> Problem is the backslashes. When I collect the filepath
> ($Location) it puts \\ into the db. However, when I change
> this it stops dead. Basically due to the escape
> charateristics of the backslash. I can get around this with
> single quotes of course but can't put these in the SQL_STRING
> as it falls down there then!
I'm not sure I exactly follow what you're saying, but yes, there is
definitely a problem caused by the escape characteristics of the \.
However, I'm not sure it's where you think it is. The problem I can see in
your supplied script is that you haven't properly expressed in the replace()
call strings representing \\ and \. Since \ is the escape character, every
\ has to be escaped by itself, so the correct way of writing this is:
$AlteredMinutesLocation = str_replace("\\\\","\\",$MinutesLocation);
(Note that single-quotes make no difference here, as ' (and \ itself, of
course) are just about the only characters escaped by \ in a single-quoted
string!!)
None of this should be relevant to the interpolation of
$AlteredMinutesLocation into $SQL_STRING, since variable interpolation just
inserts whatever is in the variable, without any backslash escaping or other
fancy footwork.
Or another option might be stripslashes().
Cheers!
Mike
---------------------------------------------------------------------
Mike Ford, Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS, LS6 3QS, United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
