[PHP] Should I convert special characters before writing them to a table?

2001-10-04 Thread René Fournier

The reason I ask is, I'm having a problem processing rows in a table that
contain single quotes (specifically, the PHP code I wrote that allows the
user to duplicate a row doesn't work if a field in the row has a single
quote in it).

Would it be better for me to strip out the single quotes before the rows are
written, replacing them with another special [harmless] character, and just
dynamically swapping that character out for the original when the row is
displayed?  Any thoughts?  I just started doing this PHP/MySQL thing a
couple weeks ago, and I realize I have a lot to learn.  Any suggestions
would be much appreciated.

Oh, and by the way, here is the PHP code for duplicating rows that fails to
execute when a field in the row it's processing contains a single quote.

=
// DUPLICATE
if ($action == "dup") {

    $result = mysql_query("SELECT * FROM $table WHERE id=$id", $db);
    $myrow = mysql_fetch_array($result);

    $set = "";
    $comma = "";

    // build the col='value' list for every column from $priv onward
    for ($i = $priv; $i < $columns; $i++) {
        $fld = mysql_field_name($fields, $i);
        $set .= $comma."$fld='".$myrow[$i]."'";
        $comma = ", ";
    }

    // run SQL against the DB
    $sql = "INSERT $table SET $set";
    $result = mysql_query($sql);

    $affected = $id;
    echo "<td width=10><img border=0 src=../../common/spacer.gif width=10 height=1></td><td align=center valign=middle bgcolor=#ee><span class=adminnormalgrey>Record duplicated</span></td>";
}
=

Thanks.

...Rene

---
Rene Fournier
[EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] Should I convert special characters before writing them to a table?

2001-10-04 Thread Steve Werby

René Fournier [EMAIL PROTECTED] wrote:
> The reason I ask is, I'm having a problem processing rows in a table that
> contain single quotes (specifically, the PHP code I wrote that allows the
> user to duplicate a row doesn't work if a field in the row has a single
> quote in it).

Try addslashes() before executing the query and stripslashes() when
retrieving data from the db.  See the online manual for more details.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/






Re: [PHP] Should I convert special characters before writing them to a table?

2001-10-04 Thread Arpad Tamas

> Try addslashes() before executing the query and stripslashes() when
> retrieving data from the db.  See the online manual for more
> details.

I think stripslashes() isn't needed when retrieving data from the db, 
it is needed only in the query string to protect special chars from 
interpreting them as sql.

 Arpi





Re: [PHP] Should I convert special characters before writing them to a table?

2001-10-04 Thread Steve Werby

Arpad Tamas [EMAIL PROTECTED] wrote:
> I think stripslashes() isn't needed when retrieving data from the db,
> it is needed only in the query string to protect special chars from
> interpreting them as sql.

I want to say this isn't true, but maybe that depends on the configuration
of PHP (I'm thinking magic quotes settings off-hand).  From experience I
know that stripslashes() can be needed when retrieving data from a db.  Just
today I've had to do so for clients separately using PostgreSQL and MySQL.
YMMV.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
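
Added example, not code from any participant in this thread: the row duplication discussed above, written with bound parameters so that a single quote in a field is stored and copied verbatim, with no addslashes() on write and no stripslashes() on read. It assumes PHP 7 or later with PDO and the pdo_sqlite driver (an in-memory SQLite database stands in for MySQL); the table `products`, the `$allowed` list and the function `duplicateRow` are hypothetical names.

```php
<?php
// Constructed sample schema; an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, note TEXT)');

// Table and column names cannot be bound as parameters, so they are
// checked against a fixed list instead of being taken from the request.
$allowed = ['products' => ['name', 'note']];

function duplicateRow(PDO $db, array $allowed, string $table, int $id): int
{
    if (!isset($allowed[$table])) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    $cols = $allowed[$table];
    $colList = implode(', ', $cols);

    // Fetch the source row; $id is bound, never interpolated into the SQL.
    $sel = $db->prepare("SELECT $colList FROM $table WHERE id = ?");
    $sel->execute([$id]);
    $row = $sel->fetch(PDO::FETCH_NUM);
    if ($row === false) {
        throw new RuntimeException("no row with id $id");
    }

    // One placeholder per column; the values travel separately from the
    // SQL text, so quotes and backslashes in them need no escaping.
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $ins = $db->prepare("INSERT INTO $table ($colList) VALUES ($marks)");
    $ins->execute($row);
    return (int) $db->lastInsertId();
}

// Constructed sample row containing a single quote and a backslash.
$db->prepare('INSERT INTO products (name, note) VALUES (?, ?)')
   ->execute(["O'Reilly", 'path C:\\temp']);

$newId = duplicateRow($db, $allowed, 'products', 1);

// Read the copy back and compare it with the original values.
$chk = $db->prepare('SELECT name, note FROM products WHERE id = ?');
$chk->execute([$newId]);
var_dump($chk->fetch(PDO::FETCH_NUM) === ["O'Reilly", 'path C:\\temp']);
```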

