Re: [PHP] apostrphe's entered into MySQL database

2002-02-27 Thread Matt Drake 

Whoops...helps if I write it legally.

$dbStr = preg_replace("/'/", "/\\'/", $dbStr);
$dbStr = preg_replace("/'/", "/''/", $dbStr);

M

On Wed, 27 Feb 2002, Matt Drake wrote:

> I don't see why addslashes wouldn't work, but why not roll your own?
>
> $dbStr = preg_replace("/'/", "/\\'/");
>
> I believe that, in MySQL, you can also double-up single quotes to escape
> them:
>
> $dbStr = preg_replace("/'/", "/''/");
>
> HTH
> Matt
>
> On Wed, 27 Feb 2002, Tim Thorburn wrote:
>
> > Hi,
> >
> > I've sent a few emails thus far regarding adding apostrophe's through a PHP
> > script form into a MySQL database.  The responses I received indicated to
> > me that I needed to get my hosting company to activate magic_quotes_gpc.
> >
> > After several days of talking with what seems to be the sole tech support
> > person left at my hosting company - I was told that the magic_quotes_gpc
> > variable is not supported by them.
> >
> > Sooo ... this leaves me in a rather awkward situation.  I need to have a
> > basic content management system up and running in the extremely near future
> > that will be utilized by a great number of individuals.  If when an
> > apostrophe is entered - all the information entered through the form is
> > rejected by the database - the entire endeavour suddenly becomes rather
> > useless.
> >
> > I know that if I enter a \ before any apostrophe's in the form, it all
> > works well ... but I highly doubt that the large number of volunteer's
> > we're going to be working with here will take the time to add them, or even
> > remember 5 minutes after I tell them.
> >
> > Does anyone have any possible solutions for this problem?  I'll include the
> > portion of code that seems to be causing the problems now ...
> >
> > I'm already using the addslashes() command and it is not working ... I'm
> > desperate at this point ...
> >
> > Again, the following works flawlessly on my local test machine running
> > Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web
> > host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32
> >
> > Thanks in advance,
> > -Tim
> >
> >
> >  > $db = mysql_connect("localhost", "", "");
> > mysql_select_db("edoinfo",$db);
> >
> > if ($submit) {
> > // here if no ID then adding else we're editing
> > if ($id) {
> > $sql = "UPDATE ai_data SET
> > 
>section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW()
> > WHERE id=$id";
> > } else {
> >  $sql = "INSERT INTO ai_data
> > (section,subsection,heading,title,info,entry) VALUES
> > ('$section','$subsection','$heading','$title','$info',NOW())";
> > }
> > // run SQL against the DB
> > $result = mysql_query($sql);
> > echo "Record updated/edited!";
> > echo "ADD A RECORD";
> >
> > } elseif ($delete) {
> > // delete a record
> >  $sql = "DELETE FROM ai_data WHERE id=$id";
> >
> >  $result = mysql_query($sql);
> >
> > echo "$sql Record deleted!";
> > echo "ADD A RECORD";
> >
> > } else {
> > // this part happens if we don't press submit
> > if (!$id) {
> > // print the list if there is not editing
> >  $result = mysql_query("SELECT * FROM ai_data",$db);
> >  while ($myrow = mysql_fetch_array($result)) {
> >  printf("%s \n", $PHP_SELF,
> > $myrow["id"], $myrow["title"]);
> >
> > printf("(DELETE)",
> > $PHP_SELF, $myrow["id"]);
> >  }
> > }
> >
> > ?>
> > ADD A RECORD
> > 
> > > if ($id) {
> > // editing so select a record
> > $sql = "SELECT * FROM ai_data WHERE id=$id";
> > $result = mysql_query($sql);
> > $myrow = mysql_fetch_array($result);
> >
> > $id = $myrow["id"];
> > $section = $myrow["section"];
> > $subsection = $myrow["subsection"];
> > $heading = $myrow["heading"];
> > $title = addslashes($myrow["title"]);
> > $info = addslashes($myrow["info"]);
> >$entry = $myrow["entry"];
> >
> > // print the id for editing
> > ?>
> >
> > > }
> > ?>
> >  
> >  Section:
> >  
> > > size="35" maxlength="100" >
> >  
> >
> >
> >  Sub-Section: 
> >  
> >>
> >  
> >
> >
> >  Heading Graphic: 
> >  
> > > size="35" maxlength="255" >
> >  
> >
> >
> >  Section Title: 
> >  
> > > size="35" maxlength="255" >
> >  
> >
> >
> >   
> >
> >
> >  Document Information: 
> >  
> > > include('../../../scripts/forms.css'); ?>>
> >  
> >
> >
> >   
> >   
> >
> >
> >  Event Entry: 
> >  
> >
> >  
> >
> >
> >   
> >   
> >
> >
> >  
> > > border=0 alt="Enter Information" style="background-color: 00;
> > font-size: 14; color:

Re: [PHP] apostrphe's entered into MySQL database

2002-02-27 Thread Matt Drake 

I don't see why addslashes wouldn't work, but why not roll your own?

$dbStr = preg_replace("/'/", "/\\'/");

I believe that, in MySQL, you can also double-up single quotes to escape
them:

$dbStr = preg_replace("/'/", "/''/");

HTH
Matt

On Wed, 27 Feb 2002, Tim Thorburn wrote:

> Hi,
>
> I've sent a few emails thus far regarding adding apostrophe's through a PHP
> script form into a MySQL database.  The responses I received indicated to
> me that I needed to get my hosting company to activate magic_quotes_gpc.
>
> After several days of talking with what seems to be the sole tech support
> person left at my hosting company - I was told that the magic_quotes_gpc
> variable is not supported by them.
>
> Sooo ... this leaves me in a rather awkward situation.  I need to have a
> basic content management system up and running in the extremely near future
> that will be utilized by a great number of individuals.  If when an
> apostrophe is entered - all the information entered through the form is
> rejected by the database - the entire endeavour suddenly becomes rather
> useless.
>
> I know that if I enter a \ before any apostrophe's in the form, it all
> works well ... but I highly doubt that the large number of volunteer's
> we're going to be working with here will take the time to add them, or even
> remember 5 minutes after I tell them.
>
> Does anyone have any possible solutions for this problem?  I'll include the
> portion of code that seems to be causing the problems now ...
>
> I'm already using the addslashes() command and it is not working ... I'm
> desperate at this point ...
>
> Again, the following works flawlessly on my local test machine running
> Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web
> host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32
>
> Thanks in advance,
> -Tim
>
>
>$db = mysql_connect("localhost", "", "");
>   mysql_select_db("edoinfo",$db);
>
>   if ($submit) {
>   // here if no ID then adding else we're editing
>   if ($id) {
>   $sql = "UPDATE ai_data SET
> 
>section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW()
> WHERE id=$id";
>   } else {
>  $sql = "INSERT INTO ai_data
> (section,subsection,heading,title,info,entry) VALUES
> ('$section','$subsection','$heading','$title','$info',NOW())";
>   }
>   // run SQL against the DB
>   $result = mysql_query($sql);
>   echo "Record updated/edited!";
>   echo "ADD A RECORD";
>
>   } elseif ($delete) {
>   // delete a record
>  $sql = "DELETE FROM ai_data WHERE id=$id";
>
>  $result = mysql_query($sql);
>
>   echo "$sql Record deleted!";
>   echo "ADD A RECORD";
>
>   } else {
>   // this part happens if we don't press submit
>   if (!$id) {
>   // print the list if there is not editing
>  $result = mysql_query("SELECT * FROM ai_data",$db);
>  while ($myrow = mysql_fetch_array($result)) {
>  printf("%s \n", $PHP_SELF,
> $myrow["id"], $myrow["title"]);
>
>   printf("(DELETE)",
> $PHP_SELF, $myrow["id"]);
>  }
>   }
>
>   ?>
> ADD A RECORD
> 
>   if ($id) {
>   // editing so select a record
>   $sql = "SELECT * FROM ai_data WHERE id=$id";
>   $result = mysql_query($sql);
>   $myrow = mysql_fetch_array($result);
>
>   $id = $myrow["id"];
>   $section = $myrow["section"];
>   $subsection = $myrow["subsection"];
>   $heading = $myrow["heading"];
>   $title = addslashes($myrow["title"]);
>   $info = addslashes($myrow["info"]);
>  $entry = $myrow["entry"];
>
>   // print the id for editing
>   ?>
>
>   }
>   ?>
>  
>  Section:
>  
> size="35" maxlength="100" >
>  
>
>
>  Sub-Section: 
>  
>>
>  
>
>
>  Heading Graphic: 
>  
> size="35" maxlength="255" >
>  
>
>
>  Section Title: 
>  
> size="35" maxlength="255" >
>  
>
>
>   
>
>
>  Document Information: 
>  
> include('../../../scripts/forms.css'); ?>>
>  
>
>
>   
>   
>
>
>  Event Entry: 
>  
>
>  
>
>
>   
>   
>
>
>  
> border=0 alt="Enter Information" style="background-color: 00;
> font-size: 14; color: cc;">
>  
>   
>
>
>   
>   
>
> 
>   
>
>  }
>   ?>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] apostrphe's entered into MySQL database

2002-02-27 Thread Julio Nobrega Trabalhando 

  Why isn't addslashes() working? You addslashes then you stripslashes()
:-)

  Anyway, how about mysql_escape_string()?

--

Julio Nobrega.

Um dia eu chego lá:
http://sourceforge.net/projects/toca

Ajudei? Salvei? Que tal um presentinho?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] apostrphe's entered into MySQL database

2002-02-27 Thread Tim Thorburn 

Hi,

I've sent a few emails thus far regarding adding apostrophe's through a PHP 
script form into a MySQL database.  The responses I received indicated to 
me that I needed to get my hosting company to activate magic_quotes_gpc.

After several days of talking with what seems to be the sole tech support 
person left at my hosting company - I was told that the magic_quotes_gpc 
variable is not supported by them.

Sooo ... this leaves me in a rather awkward situation.  I need to have a 
basic content management system up and running in the extremely near future 
that will be utilized by a great number of individuals.  If when an 
apostrophe is entered - all the information entered through the form is 
rejected by the database - the entire endeavour suddenly becomes rather 
useless.

I know that if I enter a \ before any apostrophe's in the form, it all 
works well ... but I highly doubt that the large number of volunteer's 
we're going to be working with here will take the time to add them, or even 
remember 5 minutes after I tell them.

Does anyone have any possible solutions for this problem?  I'll include the 
portion of code that seems to be causing the problems now ...

I'm already using the addslashes() command and it is not working ... I'm 
desperate at this point ...

Again, the following works flawlessly on my local test machine running 
Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web 
host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32

Thanks in advance,
-Tim


";
echo "ADD A RECORD";

} elseif ($delete) {
// delete a record
 $sql = "DELETE FROM ai_data WHERE id=$id"; 

 $result = mysql_query($sql);

echo "$sql Record deleted!";
echo "ADD A RECORD";

} else {
// this part happens if we don't press submit
if (!$id) {
// print the list if there is not editing
 $result = mysql_query("SELECT * FROM ai_data",$db);
 while ($myrow = mysql_fetch_array($result)) {
 printf("%s \n", $PHP_SELF, 
$myrow["id"], $myrow["title"]);

printf("(DELETE)", 
$PHP_SELF, $myrow["id"]);
 }
}

?>
ADD A RECORD

   
   
   
 
 Section:
 
   >
 
   
   
 Sub-Section: 
 
   >
 
   
   
 Heading Graphic: 
 
   >
 
   
   
 Section Title: 
 
   >
 
   
   
  
   
   
 Document Information: 
 
   >
 
   
   
  
  
   
   
 Event Entry: 
 
   
 
   
   
  
  
   
   
 
   
 
  
   
   
  
  
   







-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php