Hi,

        Doesn't sound like an OO issue, sounds like you're killing the query
with the '.  You should go through and maybe do an str_replace( "'", "\'",
$_POST['test'] ) on all your post variables.

-Dan Joseph 

> -----Original Message-----
> From: Matthew Sims [mailto:[EMAIL PROTECTED] 
> Sent: Monday, July 12, 2004 4:08 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] OO woes
> Importance: High
> 
> PHP version 5.0.0RC3 (cgi) (built: Jul  9 2004 13:18:24)
> 
> I'm just getting my feet wet with OO and have run into a 
> problem that I'm not familiar with...yet.
> 
> I have a class that does a database connection and query all 
> together. It all works nicely until....until my query has a 
> word with quotes around it.
> 
> I've tried addslashes and mysql_escape_string but when I do I 
> get a Fatal Error. It occurs in the execute($query) function 
> down below.
> 
> I'm also using the recommended php.ini file...magic quotes 
> off and all.
> 
> *****************************************
> class DB_Mysql {
> 
>   protected $user;      // Database username
>   protected $pass;      // Database password
>   protected $dbhost;    // Database host
>   protected $dbname;    // Database name
>   protected $dbh;       // Database handle
> 
>   public function __construct($user, $pass, $dbhost, $dbname) {
>         $this->user = $user;
>         $this->pass = $pass;
>         $this->dbhost = $dbhost;
>         $this->dbname = $dbname;
>   }
> 
>   protected function connect() {
>         $this->dbh = mysql_connect($this->dbhost, $this->user, $this->pass);
> 
>         if (!is_resource($this->dbh)) {
>           throw new Exception;
>         }
> 
>         if (!mysql_select_db($this->dbname, $this->dbh)) {
>           throw new Exception;
>         }
>   }
> 
>   public function execute($query) {
>         if (!$this->dbh) {
>           $this->connect();
>         }
> 
>         // My $query has quotes in it
>         // I try to escape the quotes
>         $query = mysql_escape_string($query);
>         // It causes an error
>         $ret = mysql_query($query, $this->dbh);
> 
>         if (!$ret) {
>           // An Exception error is thrown
>           throw new Exception;
>         } elseif (!is_resource($ret)) {
>           return TRUE;
>         } else {
>           $statement = new DB_MysqlStatement($this->dbh, $query);
>           return $statement;
>         }
>   }
> }
> *****************************************
> 
> My query statement is:
> $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
> 
> I call the class as follows:
> $dbh = new DB_Mysql("user","passwd","localhost","test");
> $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
> $dbh->execute($query);
> 
> If the $_POST variable does not contain any quotes, the class 
> works perfectly. But whenever quotes are passed through, I 
> get the following
> error:
> 
> Fatal error: Uncaught exception 'Exception' in
> /www/htdocs/classes/db_class.php:53 Stack trace: #0
> /www/htdocs/letter.php(51): DB_Mysql->execute('INSERT into 
> aeM...') #1 {main} thrown in /www/htdocs/classes/db_class.php 
> on line 53
> 
> --Matthew Sims
> --<http://killermookie.org>
> 
> 
> 
> --
> PHP General Mailing List (http://www.php.net/) To 
> unsubscribe, visit: http://www.php.net/unsub.php
> 
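
Added example, not part of the thread or either poster's code: it shows what escaping the finished statement (as `execute()` in the quoted class does) turns the query into, next to a bound parameter that keeps the value out of the SQL text. Assumptions: `addslashes()` stands in for `mysql_escape_string()`, an in-memory SQLite database reached through PDO stands in for the MySQL server so the script runs offline, and `insertTest()` and the sample values are constructed for illustration.

```php
<?php
// Constructed input standing in for $_POST['test'].
$input = "it's a \"quoted\" word";

// 1. What execute() in the quoted class does: escape the finished statement.
//    addslashes() stands in for mysql_escape_string() (removed in PHP 7).
$query   = 'INSERT into aeMail set test=\'' . $input . '\'';
$escaped = addslashes($query);
echo $escaped, "\n";
// The quotes that delimit the SQL string literal are now backslash-escaped
// too, so the server no longer sees a string literal and rejects the query.

// 2. Bound parameter: the value is sent separately from the SQL text, so
//    quotes and backslashes in it need no escaping at all.
//    Assumption: in-memory SQLite via PDO replaces the MySQL server here;
//    against MySQL only the DSN and credentials change.
function insertTest(PDO $db, string $value): void
{
    // Portable INSERT ... VALUES form; "INSERT ... SET" is MySQL-only syntax.
    $stmt = $db->prepare('INSERT INTO aeMail (test) VALUES (:test)');
    $stmt->execute([':test' => $value]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aeMail (test TEXT)');

// Constructed values containing single quotes, double quotes and a backslash.
$samples = [$input, "O'Reilly", 'back\\slash'];
foreach ($samples as $value) {
    insertTest($db, $value);
}

// Read the rows back in insertion order and compare with what was sent.
$stored = $db->query('SELECT test FROM aeMail ORDER BY rowid')
             ->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $samples);
```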
