[PHP-DB] Error checking and escaping before running a query (MySQL)
Hi all

I have a searchbox that throws a wobbly when certain characters are entered into it - basically the user is supposed to enter a space-delimited list of words to search for, and then I create an array from it and turn it into an OR etc query.

What I initially did was replace all commas with spaces, but I've realised that double-quotes mess it up too.

The command I used for the spaces is

$searchbox = ereg_replace( , , , $searchbox);

I tried

$searchbox = ereg_replace( \ , , $searchbox);

but the page shows an error of

Warning: REG_EPAREN: in d:\apache\htdocs\dev\code\can_search_quick.php on line 22

there's a parse error if I don't escape the , so what can I do? I know how to do it in VB!

I searched PHP.net, but could only find an old bug report that advised escaping special characters!

Help!

Thanks in advance

Dave
RE: [PHP-DB] Error checking and escaping before running a query (MySQL)
Dave,

sounds like you are on the right track, but rather than use the comparatively bulky regular expression engine, why not just the light-weight string function

str_replace( ,, , $searchbox );

(see String Functions in the manual) and you should be able to do

str_replace( \, , $searchbox );

without violating any holy regex laws :)

// -----Original Message-----
// From: Dave Watkinson [mailto:[EMAIL PROTECTED]]
// Sent: Wednesday, 8 August 2001 3:18 PM
// To: PHP-DB List (E-mail)
// Subject: [PHP-DB] Error checking and escaping before running a query (MySQL)
//
// Hi all
//
// I have a searchbox that throws a wobbly when certain characters are
// entered into it - basically the user is supposed to enter a
// space-delimited list of words to search for, and then I create an array
// from it and turn it into an OR etc query.
//
// What I initially did was replace all commas with spaces, but I've
// realised that double-quotes mess it up too.
//
// The command I used for the spaces is
//
// $searchbox = ereg_replace( , , , $searchbox);
//
// I tried
//
// $searchbox = ereg_replace( \ , , $searchbox);
//
// but the page shows an error of
//
// Warning: REG_EPAREN: in
// d:\apache\htdocs\dev\code\can_search_quick.php on line 22
//
// there's a parse error if I don't escape the , so what can I do? I know
// how to do it in VB!
//
// I searched PHP.net, but could only find an old bug report that advised
// escaping special characters!
//
// Help!
//
// Thanks in advance
//
// Dave

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP-DB] Error checking and escaping before running a query (MySQL)
Wicked! Thanks Beau - it's not quite there but it's better than errors and timeouts all over the place!

I'll keep playing with it - thanks again!

Dave

-----Original Message-----
From: Beau Lebens [mailto:[EMAIL PROTECTED]]
Sent: 08 August 2001 08:28
To: Dave Watkinson; PHP-DB List (E-mail)
Subject: RE: [PHP-DB] Error checking and escaping before running a query (MySQL)

Dave,

sounds like you are on the right track, but rather than use the comparatively bulky regular expression engine, why not just the light-weight string function

str_replace( ,, , $searchbox );

(see String Functions in the manual) and you should be able to do

str_replace( \, , $searchbox );

without violating any holy regex laws :)
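
The search described in this thread (a space-delimited word list turned into an OR query), written with bound parameters so that commas, double quotes and other special characters never reach the SQL text. This is an added example, not code from any of the posts; the `candidates` table, the `title` column and the in-memory SQLite connection (used so it runs offline in place of MySQL) are assumptions.

```php
<?php
// Added example; table/column names are hypothetical, not from the thread.

/** Split the search box on whitespace and commas, dropping stray double quotes. */
function search_terms(string $searchbox): array
{
    $words = preg_split('/[\s,]+/', $searchbox, -1, PREG_SPLIT_NO_EMPTY);
    $words = array_map(fn($w) => trim($w, '"'), $words);
    return array_values(array_filter($words, fn($w) => $w !== ''));
}

/** Build the OR query with one placeholder per term; values never enter the SQL text. */
function build_or_query(array $terms): array
{
    $clauses = [];
    $params  = [];
    foreach ($terms as $term) {
        $clauses[] = "title LIKE ? ESCAPE '!'";
        // Escape LIKE wildcards so a typed % or _ matches literally.
        $params[] = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    }
    return ['SELECT title FROM candidates WHERE ' . implode(' OR ', $clauses), $params];
}

// SQLite in memory stands in for the MySQL connection so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE candidates (title TEXT)');
$insert = $pdo->prepare('INSERT INTO candidates (title) VALUES (?)');
foreach (['PHP developer', 'Oracle "DBA"', '100% remote tester', 'Receptionist'] as $title) {
    $insert->execute([$title]);
}

$searchbox = 'php, "dba" 100%';          // constructed input with commas and quotes
$terms = search_terms($searchbox);
if ($terms === []) {
    echo "Nothing to search for\n";       // avoid emitting an empty WHERE clause
} else {
    [$sql, $params] = build_or_query($terms);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
}
```

With a MySQL server only the PDO DSN and credentials change; the query text and the bound values stay the same.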