Re: [PHP] apostrphe's entered into MySQL database
Whoops...helps if I write it legally. $dbStr = preg_replace("/'/", "/\\'/", $dbStr); $dbStr = preg_replace("/'/", "/''/", $dbStr); M On Wed, 27 Feb 2002, Matt Drake wrote: > I don't see why addslashes wouldn't work, but why not roll your own? > > $dbStr = preg_replace("/'/", "/\\'/"); > > I believe that, in MySQL, you can also double-up single quotes to escape > them: > > $dbStr = preg_replace("/'/", "/''/"); > > HTH > Matt > > On Wed, 27 Feb 2002, Tim Thorburn wrote: > > > Hi, > > > > I've sent a few emails thus far regarding adding apostrophe's through a PHP > > script form into a MySQL database. The responses I received indicated to > > me that I needed to get my hosting company to activate magic_quotes_gpc. > > > > After several days of talking with what seems to be the sole tech support > > person left at my hosting company - I was told that the magic_quotes_gpc > > variable is not supported by them. > > > > Sooo ... this leaves me in a rather awkward situation. I need to have a > > basic content management system up and running in the extremely near future > > that will be utilized by a great number of individuals. If when an > > apostrophe is entered - all the information entered through the form is > > rejected by the database - the entire endeavour suddenly becomes rather > > useless. > > > > I know that if I enter a \ before any apostrophe's in the form, it all > > works well ... but I highly doubt that the large number of volunteer's > > we're going to be working with here will take the time to add them, or even > > remember 5 minutes after I tell them. > > > > Does anyone have any possible solutions for this problem? I'll include the > > portion of code that seems to be causing the problems now ... > > > > I'm already using the addslashes() command and it is not working ... I'm > > desperate at this point ... > > > > Again, the following works flawlessly on my local test machine running > > Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web > > host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32 > > > > Thanks in advance, > > -Tim > > > > > > > $db = mysql_connect("localhost", "", ""); > > mysql_select_db("edoinfo",$db); > > > > if ($submit) { > > // here if no ID then adding else we're editing > > if ($id) { > > $sql = "UPDATE ai_data SET > > >section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW() > > WHERE id=$id"; > > } else { > > $sql = "INSERT INTO ai_data > > (section,subsection,heading,title,info,entry) VALUES > > ('$section','$subsection','$heading','$title','$info',NOW())"; > > } > > // run SQL against the DB > > $result = mysql_query($sql); > > echo "Record updated/edited!"; > > echo "ADD A RECORD"; > > > > } elseif ($delete) { > > // delete a record > > $sql = "DELETE FROM ai_data WHERE id=$id"; > > > > $result = mysql_query($sql); > > > > echo "$sql Record deleted!"; > > echo "ADD A RECORD"; > > > > } else { > > // this part happens if we don't press submit > > if (!$id) { > > // print the list if there is not editing > > $result = mysql_query("SELECT * FROM ai_data",$db); > > while ($myrow = mysql_fetch_array($result)) { > > printf("%s \n", $PHP_SELF, > > $myrow["id"], $myrow["title"]); > > > > printf("(DELETE)", > > $PHP_SELF, $myrow["id"]); > > } > > } > > > > ?> > > ADD A RECORD > > > > > if ($id) { > > // editing so select a record > > $sql = "SELECT * FROM ai_data WHERE id=$id"; > > $result = mysql_query($sql); > > $myrow = mysql_fetch_array($result); > > > > $id = $myrow["id"]; > > $section = $myrow["section"]; > > $subsection = $myrow["subsection"]; > > $heading = $myrow["heading"]; > > $title = addslashes($myrow["title"]); > > $info = addslashes($myrow["info"]); > >$entry = $myrow["entry"]; > > > > // print the id for editing > > ?> > > > > > } > > ?> > > > > Section: > > > > > size="35" maxlength="100" > > > > > > > > > Sub-Section: > > > >> > > > > > > > > Heading Graphic: > > > > > size="35" maxlength="255" > > > > > > > > > Section Title: > > > > > size="35" maxlength="255" > > > > > > > > > > > > > > > Document Information: > > > > > include('../../../scripts/forms.css'); ?>> > > > > > > > > > > > > > > > > Event Entry: > > > > > > > > > > > > > > > > > > > > > > > border=0 alt="Enter Information" style="background-color: 00; > > font-size: 14; color:
Re: [PHP] apostrphe's entered into MySQL database
I don't see why addslashes wouldn't work, but why not roll your own? $dbStr = preg_replace("/'/", "/\\'/"); I believe that, in MySQL, you can also double-up single quotes to escape them: $dbStr = preg_replace("/'/", "/''/"); HTH Matt On Wed, 27 Feb 2002, Tim Thorburn wrote: > Hi, > > I've sent a few emails thus far regarding adding apostrophe's through a PHP > script form into a MySQL database. The responses I received indicated to > me that I needed to get my hosting company to activate magic_quotes_gpc. > > After several days of talking with what seems to be the sole tech support > person left at my hosting company - I was told that the magic_quotes_gpc > variable is not supported by them. > > Sooo ... this leaves me in a rather awkward situation. I need to have a > basic content management system up and running in the extremely near future > that will be utilized by a great number of individuals. If when an > apostrophe is entered - all the information entered through the form is > rejected by the database - the entire endeavour suddenly becomes rather > useless. > > I know that if I enter a \ before any apostrophe's in the form, it all > works well ... but I highly doubt that the large number of volunteer's > we're going to be working with here will take the time to add them, or even > remember 5 minutes after I tell them. > > Does anyone have any possible solutions for this problem? I'll include the > portion of code that seems to be causing the problems now ... > > I'm already using the addslashes() command and it is not working ... I'm > desperate at this point ... > > Again, the following works flawlessly on my local test machine running > Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web > host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32 > > Thanks in advance, > -Tim > > >$db = mysql_connect("localhost", "", ""); > mysql_select_db("edoinfo",$db); > > if ($submit) { > // here if no ID then adding else we're editing > if ($id) { > $sql = "UPDATE ai_data SET > >section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW() > WHERE id=$id"; > } else { > $sql = "INSERT INTO ai_data > (section,subsection,heading,title,info,entry) VALUES > ('$section','$subsection','$heading','$title','$info',NOW())"; > } > // run SQL against the DB > $result = mysql_query($sql); > echo "Record updated/edited!"; > echo "ADD A RECORD"; > > } elseif ($delete) { > // delete a record > $sql = "DELETE FROM ai_data WHERE id=$id"; > > $result = mysql_query($sql); > > echo "$sql Record deleted!"; > echo "ADD A RECORD"; > > } else { > // this part happens if we don't press submit > if (!$id) { > // print the list if there is not editing > $result = mysql_query("SELECT * FROM ai_data",$db); > while ($myrow = mysql_fetch_array($result)) { > printf("%s \n", $PHP_SELF, > $myrow["id"], $myrow["title"]); > > printf("(DELETE)", > $PHP_SELF, $myrow["id"]); > } > } > > ?> > ADD A RECORD > > if ($id) { > // editing so select a record > $sql = "SELECT * FROM ai_data WHERE id=$id"; > $result = mysql_query($sql); > $myrow = mysql_fetch_array($result); > > $id = $myrow["id"]; > $section = $myrow["section"]; > $subsection = $myrow["subsection"]; > $heading = $myrow["heading"]; > $title = addslashes($myrow["title"]); > $info = addslashes($myrow["info"]); > $entry = $myrow["entry"]; > > // print the id for editing > ?> > > } > ?> > > Section: > > size="35" maxlength="100" > > > > > Sub-Section: > >> > > > > Heading Graphic: > > size="35" maxlength="255" > > > > > Section Title: > > size="35" maxlength="255" > > > > > > > > Document Information: > > include('../../../scripts/forms.css'); ?>> > > > > > > > > Event Entry: > > > > > > > > > > > border=0 alt="Enter Information" style="background-color: 00; > font-size: 14; color: cc;"> > > > > > > > > > > > } > ?> > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] apostrphe's entered into MySQL database
Why isn't addslashes() working? You addslashes then you stripslashes() :-) Anyway, how about mysql_escape_string()? -- Julio Nobrega. Um dia eu chego lá: http://sourceforge.net/projects/toca Ajudei? Salvei? Que tal um presentinho? http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] apostrphe's entered into MySQL database
Hi, I've sent a few emails thus far regarding adding apostrophe's through a PHP script form into a MySQL database. The responses I received indicated to me that I needed to get my hosting company to activate magic_quotes_gpc. After several days of talking with what seems to be the sole tech support person left at my hosting company - I was told that the magic_quotes_gpc variable is not supported by them. Sooo ... this leaves me in a rather awkward situation. I need to have a basic content management system up and running in the extremely near future that will be utilized by a great number of individuals. If when an apostrophe is entered - all the information entered through the form is rejected by the database - the entire endeavour suddenly becomes rather useless. I know that if I enter a \ before any apostrophe's in the form, it all works well ... but I highly doubt that the large number of volunteer's we're going to be working with here will take the time to add them, or even remember 5 minutes after I tell them. Does anyone have any possible solutions for this problem? I'll include the portion of code that seems to be causing the problems now ... I'm already using the addslashes() command and it is not working ... I'm desperate at this point ... Again, the following works flawlessly on my local test machine running Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32 Thanks in advance, -Tim "; echo "ADD A RECORD"; } elseif ($delete) { // delete a record $sql = "DELETE FROM ai_data WHERE id=$id"; $result = mysql_query($sql); echo "$sql Record deleted!"; echo "ADD A RECORD"; } else { // this part happens if we don't press submit if (!$id) { // print the list if there is not editing $result = mysql_query("SELECT * FROM ai_data",$db); while ($myrow = mysql_fetch_array($result)) { printf("%s \n", $PHP_SELF, $myrow["id"], $myrow["title"]); printf("(DELETE)", $PHP_SELF, $myrow["id"]); } } ?> ADD A RECORD Section: > Sub-Section: > Heading Graphic: > Section Title: > Document Information: > Event Entry: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php