> Hi,
>
>       Doesn't sound like an OO issue, sounds like you're killing the query
> with the '.  You should go thru and maybe do an str_replace( "'", "\'",
> $_POST['test'] ) on all your post variables.
>
> -Dan Joseph
>

Ha! That did it. Thanks!

--Matthew Sims
--<http://killermookie.org>



>> -----Original Message-----
>> From: Matthew Sims [mailto:[EMAIL PROTECTED]
>> Sent: Monday, July 12, 2004 4:08 PM
>> To: [EMAIL PROTECTED]
>> Subject: [PHP] OO woes
>> Importance: High
>>
>> PHP version 5.0.0RC3 (cgi) (built: Jul  9 2004 13:18:24)
>>
>> I'm just getting my feet wet with OO and have run into a
>> problem that I'm not familiar with...yet.
>>
>> I have a class that does a database connection and query all
>> together. It all works nicely until....until my query has a
>> word with quotes around it.
>>
>> I've tried addslashes and mysql_escape_string but when I do I
>> get a Fatal Error. It occurs in the execute($query) function
>> down below.
>>
>> I'm also using the recommended php.ini file...magic quotes
>> off and all.
>>
>> *****************************************
>> class DB_Mysql {
>>
>>   protected $user;      // Database username
>>   protected $pass;      // Database password
>>   protected $dbhost;    // Database host
>>   protected $dbname;    // Database name
>>   protected $dbh;       // Database handle
>>
>>   public function __construct($user, $pass, $dbhost, $dbname) {
>>         $this->user = $user;
>>         $this->pass = $pass;
>>         $this->dbhost = $dbhost;
>>         $this->dbname = $dbname;
>>   }
>>
>>   protected function connect() {
>>         $this->dbh = mysql_connect($this->dbhost,
>> $this->user, $this->pass);
>>
>>         if (!is_resource($this->dbh)) {
>>           throw new Exception;
>>         }
>>
>>         if (!mysql_select_db($this->dbname, $this->dbh)) {
>>           throw new Exception;
>>         }
>>   }
>>
>>   public function execute($query) {
>>         if (!$this->dbh) {
>>           $this->connect();
>>         }
>>
>>         // My $query has quotes in it
>>         // I try to escape the quotes
>>         $query = mysql_escape_string($query);
>>         // It causes an error
>>         $ret = mysql_query($query, $this->dbh);
>>
>>         if (!$ret) {
>>           // An Exception error is thrown
>>           throw new Exception;
>>         } elseif (!is_resource($ret)) {
>>           return TRUE;
>>         } else {
>>           $statement = new DB_MysqlStatement($this->dbh, $query);
>>           return $statement;
>>         }
>>   }
>> }
>> *****************************************
>>
>> My query statement is:
>> $query = 'INSERT into aeMail set test=\''.$_POST["test"].'\'';
>>
>> I call the class as follows:
>> $dbh = new DB_Mysql("user","passwd","localhost","test");
>> $query = 'INSERT into aeMail set
>> test=\''.$_POST["test"].'\''; $dbh->execute($query);
>>
>> If the $_POST variable does not contain any quotes, the class
>> works perfectly. But whenever quotes are passed through, I
>> get the following
>> error:
>>
>> Fatal error: Uncaught exception 'Exception' in
>> /www/htdocs/classes/db_class.php:53 Stack trace: #0
>> /www/htdocs/letter.php(51): DB_Mysql->execute('INSERT into
>> aeM...') #1 {main} thrown in /www/htdocs/classes/db_class.php
>> on line 53
>>
>> --Matthew Sims
>> --<http://killermookie.org>
>>
>>
>>
>> --
>> PHP General Mailing List (http://www.php.net/) To
>> unsubscribe, visit: http://www.php.net/unsub.php
>>
>
>
>
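
Added example, not part of the thread or written by its participants: it shows why escaping the finished statement, as execute() above does, also escapes the quotes that delimit the SQL literal, and how a bound parameter carries the same input with no manual escaping. Assumptions: the class name DB_Pdo is hypothetical, PDO with in-memory SQLite stands in for the MySQL server, addslashes() stands in for mysql_escape_string(), and the INSERT uses the VALUES form because SQLite has no INSERT ... SET.

```php
<?php
// Added example (not from the thread). Assumes the PDO and pdo_sqlite extensions.

class DB_Pdo {                         // hypothetical name, modelled on DB_Mysql
    protected $dbh;                    // PDO handle

    public function __construct($dsn, $user = null, $pass = null) {
        $this->dbh = new PDO($dsn, $user, $pass);
        // Failed statements throw PDOException with the driver's message.
        $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    // $sql contains only placeholders; untrusted values travel in $params.
    public function execute($sql, array $params = array()) {
        $stmt = $this->dbh->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }
}

// Constructed sample input standing in for $_POST['test'].
$input = "O'Reilly said \"hi\"";

// What execute() in the thread does: escape the whole, already assembled query.
// The quotes that open and close the literal get a backslash too, so the
// server no longer sees a string literal and rejects the statement.
$whole = addslashes("INSERT INTO aeMail (test) VALUES ('" . $input . "')");
echo $whole, "\n";

// Bound parameter: the statement text never contains the input at all.
$db = new DB_Pdo('sqlite::memory:');
$db->execute('CREATE TABLE aeMail (test TEXT)');
$db->execute('INSERT INTO aeMail (test) VALUES (:test)', array(':test' => $input));

// Read the row back and compare it with the input byte for byte.
$row = $db->execute('SELECT test FROM aeMail')->fetch(PDO::FETCH_ASSOC);
var_dump($row['test'] === $input);
```

Because the value is never concatenated into the SQL text, quotes in $_POST data can neither break the statement nor change its structure.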
