Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
From: Poon, Kelvin (Infomart) [EMAIL PROTECTED]
Date: Thu, 20 Mar 2003 10:58:02 -0500
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: [PHP] Addslashes problem (MSSQL)
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}
$query = SELECT * FROM knowledgeBase;
$result = mssql_query($query);
$ID = mssql_num_rows($result);
$ID += 1;
$query2 = INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
VALUES(
'.$ID.',
'.$title.',
'.$keywords.',
'.$content.',
'.$created_date.',
'Never',
'.$product.');
$result2 = mssql_query($query2);
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'and now after running this program I got an error message:
Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119
Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119
does any body have any idea? I did the same thing with another problem but
it worked fine. I have no idea what the problem is. I know I need to
addslashes to the string since I am putting it in the valuable
$query2..please advise..
THanks!.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)
What do you mean by It escapes single quotes with single quotes.?
so let's say my $content is
lalal 'lalalal' lalala
then what do I have to do to $content in order to insert to my MSSQL table?
-Original Message-
From: Lowell Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:20 AM
To: PHP
Subject: Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
From: Poon, Kelvin (Infomart) [EMAIL PROTECTED]
Date: Thu, 20 Mar 2003 10:58:02 -0500
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: [PHP] Addslashes problem (MSSQL)
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}
$query = SELECT * FROM knowledgeBase;
$result = mssql_query($query);
$ID = mssql_num_rows($result);
$ID += 1;
$query2 = INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
VALUES(
'.$ID.',
'.$title.',
'.$keywords.',
'.$content.',
'.$created_date.',
'Never',
'.$product.');
$result2 = mssql_query($query2);
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'and now after running this program I got an error message:
Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119
Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119
does any body have any idea? I did the same thing with another problem
but
it worked fine. I have no idea what the problem is. I know I need to
addslashes to the string since I am putting it in the valuable
$query2..please advise..
THanks!.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)[Scanned]
Kelvin,
This link should be helpful:
http://www.mysql.com/doc/en/String_syntax.html
Regards,
Michael Egan
-Original Message-
From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED]
Sent: 20 March 2003 16:21
To: 'Lowell Allen'
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Addslashes problem (MSSQL)[Scanned]
What do you mean by It escapes single quotes with single quotes.?
so let's say my $content is
lalal 'lalalal' lalala
then what do I have to do to $content in order to insert to my MSSQL table?
-Original Message-
From: Lowell Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:20 AM
To: PHP
Subject: Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
From: Poon, Kelvin (Infomart) [EMAIL PROTECTED]
Date: Thu, 20 Mar 2003 10:58:02 -0500
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: [PHP] Addslashes problem (MSSQL)
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}
$query = SELECT * FROM knowledgeBase;
$result = mssql_query($query);
$ID = mssql_num_rows($result);
$ID += 1;
$query2 = INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
VALUES(
'.$ID.',
'.$title.',
'.$keywords.',
'.$content.',
'.$created_date.',
'Never',
'.$product.');
$result2 = mssql_query($query2);
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'and now after running this program I got an error message:
Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119
Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119
does any body have any idea? I did the same thing with another problem
but
it worked fine. I have no idea what the problem is. I know I need to
addslashes to the string since I am putting it in the valuable
$query2..please advise..
THanks!.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Addslashes problem (MSSQL)
Read the user-contributed notes following the online manual info on
addslashes: http://www.php.net/manual/en/function.addslashes.php
--
Lowell Allen
From: Poon, Kelvin (Infomart) [EMAIL PROTECTED]
Date: Thu, 20 Mar 2003 11:20:51 -0500
To: 'Lowell Allen' [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: RE: [PHP] Addslashes problem (MSSQL)
What do you mean by It escapes single quotes with single quotes.?
so let's say my $content is
lalal 'lalalal' lalala
then what do I have to do to $content in order to insert to my MSSQL table?
-Original Message-
From: Lowell Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 11:20 AM
To: PHP
Subject: Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
From: Poon, Kelvin (Infomart) [EMAIL PROTECTED]
Date: Thu, 20 Mar 2003 10:58:02 -0500
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Subject: [PHP] Addslashes problem (MSSQL)
Hi,
I have a problem that lets you add a record to a database. THere is a
problem with it, and the following is the area of the program where it has
problem.
$created_date = date('m, d, Y');
$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);
if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}
$query = SELECT * FROM knowledgeBase;
$result = mssql_query($query);
$ID = mssql_num_rows($result);
$ID += 1;
$query2 = INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
VALUES(
'.$ID.',
'.$title.',
'.$keywords.',
'.$content.',
'.$created_date.',
'Never',
'.$product.');
$result2 = mssql_query($query2);
where my $content value is osmethign like this.
Step 1: Access the homepage
Step 2: type in your username under the field 'username'
and after the addslashes funciton there would be \ around the 'username'
like this..
\'username\'and now after running this program I got an error message:
Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119
Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119
does any body have any idea? I did the same thing with another problem
but
it worked fine. I have no idea what the problem is. I know I need to
addslashes to the string since I am putting it in the valuable
$query2..please advise..
THanks!.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
