RE: [PHP] strip single quotes

2003-03-20 Thread Daniel McCullough 
I have this code in to try and strip single quotes out.  But it does it to 
one but not the rest.

$address = str_replace(\\\///, , $store['address']);
$address = str_replace(', , $address);
$address = str_replace(', \', $address);
$address = addslashes($address);
$sql2 = SELECT * FROM store_name WHERE name = '.$store['name'].';
//$build_sql .= $sql2.br;
$result2 = mysql_query($sql2) or die(mysql_error());
$store_name = mysql_fetch_array($result2);
$sql3 = SELECT * FROM store_address WHERE address = '.$address.';
any thoughts




From: John W. Holmes [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: 'Daniel McCullough' 
[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: [PHP] strip single quotes
Date: Wed, 19 Mar 2003 21:49:10 -0500
MIME-Version: 1.0
Received: from dc-mx03.cluster1.charter.net ([209.225.8.13]) by 
mc10-f34.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 19 
Mar 2003 19:04:29 -0800
Received: from [68.117.196.146] (HELO coconut)  by 
dc-mx03.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)  with ESMTP id 
107067803; Wed, 19 Mar 2003 21:51:20 -0500
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Organization: U.S. Army
Message-ID: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 20 Mar 2003 03:04:29.0882 (UTC) 
FILETIME=[6C8DB1A0:01C2EE8D]

 I'm trying to query the database using a string pulled out of the
database
 and compare and get the id.  I can do it to a certain point and what
kills
 my query is single quotes.  I CANNOT figure out how to escape it.

 I DID THIS:
 $address2 = str_replace(', , $address);

 that worked on some, but not all.
 $address = stripslashes($store['address']);
 $address = str_replace(', , $address);
 $address = htmlspecialchars($address);
 $address = addslashes($address);

 anyone

 Some errors I have gotten back
 You have an error in your SQL syntax near 's Linen  Home'' at line
1
 and
 You have an error in your SQL syntax near 's 800 number.'' at line 1
You need to use addslashes() on any string you insert into your query.

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



_
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] strip single quotes

2003-03-20 Thread Daniel McCullough 
another question is could this becoming from the table I am comparing it 
too?

SELECT * FROM store_address WHERE address = '.$address.'

where $address is fine but the other table is causing the error.  how do I 
strip that result as well?


I have this code in to try and strip single quotes out.  But it does it to 
one but not the rest.

$address = str_replace(\\\///, , $store['address']);
$address = str_replace(', , $address);
$address = str_replace(', \', $address);
$address = addslashes($address);
$sql2 = SELECT * FROM store_name WHERE name = '.$store['name'].';
//$build_sql .= $sql2.br;
$result2 = mysql_query($sql2) or die(mysql_error());
$store_name = mysql_fetch_array($result2);
$sql3 = SELECT * FROM store_address WHERE address = '.$address.';
any thoughts




From: John W. Holmes [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: 'Daniel McCullough' 
[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: [PHP] strip single quotes
Date: Wed, 19 Mar 2003 21:49:10 -0500
MIME-Version: 1.0
Received: from dc-mx03.cluster1.charter.net ([209.225.8.13]) by 
mc10-f34.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 19 
Mar 2003 19:04:29 -0800
Received: from [68.117.196.146] (HELO coconut)  by 
dc-mx03.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9)  with ESMTP id 
107067803; Wed, 19 Mar 2003 21:51:20 -0500
X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP
Organization: U.S. Army
Message-ID: [EMAIL PROTECTED]
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
In-Reply-To: [EMAIL PROTECTED]
Return-Path: [EMAIL PROTECTED]
X-OriginalArrivalTime: 20 Mar 2003 03:04:29.0882 (UTC) 
FILETIME=[6C8DB1A0:01C2EE8D]

 I'm trying to query the database using a string pulled out of the
database
 and compare and get the id.  I can do it to a certain point and what
kills
 my query is single quotes.  I CANNOT figure out how to escape it.

 I DID THIS:
 $address2 = str_replace(', , $address);

 that worked on some, but not all.
 $address = stripslashes($store['address']);
 $address = str_replace(', , $address);
 $address = htmlspecialchars($address);
 $address = addslashes($address);

 anyone

 Some errors I have gotten back
 You have an error in your SQL syntax near 's Linen  Home'' at line
1
 and
 You have an error in your SQL syntax near 's 800 number.'' at line 1
You need to use addslashes() on any string you insert into your query.

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



_
Add photos to your e-mail with MSN 8. Get 2 months FREE*.  
http://join.msn.com/?page=features/featuredemail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


_
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] strip single quotes

2003-03-19 Thread Martin Towell 
try this
$address2 = str_replace(', '', $address)

-Original Message-
From: Daniel McCullough [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 20, 2003 1:48 PM
To: [EMAIL PROTECTED]
Subject: [PHP] strip single quotes


I'm trying to query the database using a string pulled out of the database 
and compare and get the id.  I can do it to a certain point and what kills 
my query is single quotes.  I CANNOT figure out how to escape it.

I DID THIS:
$address2 = str_replace(', , $address);

that worked on some, but not all.
$address = stripslashes($store['address']);
$address = str_replace(', , $address);
$address = htmlspecialchars($address);
$address = addslashes($address);

anyone

Some errors I have gotten back
You have an error in your SQL syntax near 's Linen  Home'' at line 1
and
You have an error in your SQL syntax near 's 800 number.'' at line 1




_
MSN 8 with e-mail virus protection service: 2 months FREE*  
http://join.msn.com/?page=features/virus


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] strip single quotes

2003-03-19 Thread John W. Holmes 
 I'm trying to query the database using a string pulled out of the
database
 and compare and get the id.  I can do it to a certain point and what
kills
 my query is single quotes.  I CANNOT figure out how to escape it.
 
 I DID THIS:
 $address2 = str_replace(', , $address);
 
 that worked on some, but not all.
 $address = stripslashes($store['address']);
 $address = str_replace(', , $address);
 $address = htmlspecialchars($address);
 $address = addslashes($address);
 
 anyone
 
 Some errors I have gotten back
 You have an error in your SQL syntax near 's Linen  Home'' at line
1
 and
 You have an error in your SQL syntax near 's 800 number.'' at line 1

You need to use addslashes() on any string you insert into your query.

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php