Hi,

Doesn't sound like an OO issue, sounds like you're killing the query with the '. You should go through and maybe do an str_replace( "'", "\'", $_POST['test'] ) on all your post variables.

-Dan Joseph

> -----Original Message-----
> From: Matthew Sims [mailto:[EMAIL PROTECTED]
> Sent: Monday, July 12, 2004 4:08 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] OO woes
> Importance: High
>
> PHP version 5.0.0RC3 (cgi) (built: Jul 9 2004 13:18:24)
>
> I'm just getting my feet wet with OO and have run into a
> problem that I'm not familiar with...yet.
>
> I have a class that does a database connection and query all
> together. It all works nicely until....until my query has a
> word with quotes around it.
>
> I've tried addslashes and mysql_escape_string but when I do I
> get a Fatal Error. It occurs in the execute($query) function
> down below.
>
> I'm also using the recommended php.ini file...magic quotes
> off and all.
>
> *****************************************
> class DB_Mysql {
>
>   protected $user;   // Database username
>   protected $pass;   // Database password
>   protected $dbhost; // Database host
>   protected $dbname; // Database name
>   protected $dbh;    // Database handle
>
>   public function __construct($user, $pass, $dbhost, $dbname) {
>     $this->user = $user;
>     $this->pass = $pass;
>     $this->dbhost = $dbhost;
>     $this->dbname = $dbname;
>   }
>
>   protected function connect() {
>     $this->dbh = mysql_connect($this->dbhost, $this->user, $this->pass);
>
>     if (!is_resource($this->dbh)) {
>       throw new Exception;
>     }
>
>     if (!mysql_select_db($this->dbname, $this->dbh)) {
>       throw new Exception;
>     }
>   }
>
>   public function execute($query) {
>     if (!$this->dbh) {
>       $this->connect();
>     }
>
>     // My $query has quotes in it
>     // I try to escape the quotes
>     $query = mysql_escape_string($query);
>     // It causes an error
>     $ret = mysql_query($query, $this->dbh);
>
>     if (!$ret) {
>       // An Exception error is thrown
>       throw new Exception;
>     } elseif (!is_resource($ret)) {
>       return TRUE;
>     } else {
>       $statement = new DB_MysqlStatement($this->dbh, $query);
>       return $statement;
>     }
>   }
> }
> *****************************************
>
> My query statement is:
> $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
>
> I call the class as follows:
> $dbh = new DB_Mysql("user","passwd","localhost","test");
> $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
> $dbh->execute($query);
>
> If the $_POST variable does not contain any quotes, the class
> works perfectly. But whenever quotes are passed through, I
> get the following
> error:
>
> Fatal error: Uncaught exception 'Exception' in
> /www/htdocs/classes/db_class.php:53 Stack trace: #0
> /www/htdocs/letter.php(51): DB_Mysql->execute('INSERT into
> aeM...') #1 {main} thrown in /www/htdocs/classes/db_class.php
> on line 53
>
> --Matthew Sims
> --<http://killermookie.org>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
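
The failure discussed in this thread, as an added example that is not part of either message: it runs the same insert three ways (value concatenated as-is, the whole statement escaped, value passed as a bound parameter) and shows that only the bound parameter stores input containing quotes. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, the insert uses the portable `VALUES` form instead of the thread's `INSERT ... SET`, and `$input` is a constructed value standing in for `$_POST["test"]`.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE aeMail (test TEXT)');

// Constructed sample input standing in for $_POST["test"].
$input = 'it\'s a "quoted" word';

// Hypothetical helper: run a statement and report whether the database accepted it.
function tryQuery(PDO $pdo, string $label, string $sql): bool {
    try {
        $pdo->exec($sql);
        echo "$label: accepted\n";
        return true;
    } catch (PDOException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
        return false;
    }
}

$concatenated = "INSERT INTO aeMail (test) VALUES ('" . $input . "')";

// 1. Raw concatenation: the apostrophe inside the value closes the string
//    literal early, so the rest of the value is parsed as SQL.
tryQuery($pdo, 'concatenated', $concatenated);

// 2. Escaping the finished statement: the quotes that delimit the literal
//    are escaped along with the data, so the statement no longer parses.
tryQuery($pdo, 'whole statement escaped', addslashes($concatenated));

// 3. Bound parameter: the value travels separately from the SQL text,
//    so its quotes are never interpreted as syntax.
$stmt = $pdo->prepare('INSERT INTO aeMail (test) VALUES (:test)');
$stmt->execute([':test' => $input]);

// Only the third attempt inserted a row; the value round-trips unchanged.
$rows = $pdo->query('SELECT test FROM aeMail')->fetchAll(PDO::FETCH_COLUMN);
var_dump(count($rows), $rows[0] === $input);
```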