RE: [PHP] strip single quotes
I have this code in to try and strip single quotes out. But it does it to one but not the rest. $address = str_replace(\\\///, , $store['address']); $address = str_replace(', , $address); $address = str_replace(', \', $address); $address = addslashes($address); $sql2 = SELECT * FROM store_name WHERE name = '.$store['name'].'; //$build_sql .= $sql2.br; $result2 = mysql_query($sql2) or die(mysql_error()); $store_name = mysql_fetch_array($result2); $sql3 = SELECT * FROM store_address WHERE address = '.$address.'; any thoughts From: John W. Holmes [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: 'Daniel McCullough' [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: [PHP] strip single quotes Date: Wed, 19 Mar 2003 21:49:10 -0500 MIME-Version: 1.0 Received: from dc-mx03.cluster1.charter.net ([209.225.8.13]) by mc10-f34.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 19 Mar 2003 19:04:29 -0800 Received: from [68.117.196.146] (HELO coconut) by dc-mx03.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9) with ESMTP id 107067803; Wed, 19 Mar 2003 21:51:20 -0500 X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP Organization: U.S. Army Message-ID: [EMAIL PROTECTED] X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 20 Mar 2003 03:04:29.0882 (UTC) FILETIME=[6C8DB1A0:01C2EE8D] I'm trying to query the database using a string pulled out of the database and compare and get the id. I can do it to a certain point and what kills my query is single quotes. I CANNOT figure out how to escape it. I DID THIS: $address2 = str_replace(', , $address); that worked on some, but not all. $address = stripslashes($store['address']); $address = str_replace(', , $address); $address = htmlspecialchars($address); $address = addslashes($address); anyone Some errors I have gotten back You have an error in your SQL syntax near 's Linen Home'' at line 1 and You have an error in your SQL syntax near 's 800 number.'' at line 1 You need to use addslashes() on any string you insert into your query. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] strip single quotes
another question is could this becoming from the table I am comparing it too? SELECT * FROM store_address WHERE address = '.$address.' where $address is fine but the other table is causing the error. how do I strip that result as well? I have this code in to try and strip single quotes out. But it does it to one but not the rest. $address = str_replace(\\\///, , $store['address']); $address = str_replace(', , $address); $address = str_replace(', \', $address); $address = addslashes($address); $sql2 = SELECT * FROM store_name WHERE name = '.$store['name'].'; //$build_sql .= $sql2.br; $result2 = mysql_query($sql2) or die(mysql_error()); $store_name = mysql_fetch_array($result2); $sql3 = SELECT * FROM store_address WHERE address = '.$address.'; any thoughts From: John W. Holmes [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: 'Daniel McCullough' [EMAIL PROTECTED],[EMAIL PROTECTED] Subject: RE: [PHP] strip single quotes Date: Wed, 19 Mar 2003 21:49:10 -0500 MIME-Version: 1.0 Received: from dc-mx03.cluster1.charter.net ([209.225.8.13]) by mc10-f34.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Wed, 19 Mar 2003 19:04:29 -0800 Received: from [68.117.196.146] (HELO coconut) by dc-mx03.cluster1.charter.net (CommuniGate Pro SMTP 3.5.9) with ESMTP id 107067803; Wed, 19 Mar 2003 21:51:20 -0500 X-Message-Info: JGTYoYF78jEHjJx36Oi8+Q1OJDRSDidP Organization: U.S. Army Message-ID: [EMAIL PROTECTED] X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.3416 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: [EMAIL PROTECTED] Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 20 Mar 2003 03:04:29.0882 (UTC) FILETIME=[6C8DB1A0:01C2EE8D] I'm trying to query the database using a string pulled out of the database and compare and get the id. I can do it to a certain point and what kills my query is single quotes. I CANNOT figure out how to escape it. I DID THIS: $address2 = str_replace(', , $address); that worked on some, but not all. $address = stripslashes($store['address']); $address = str_replace(', , $address); $address = htmlspecialchars($address); $address = addslashes($address); anyone Some errors I have gotten back You have an error in your SQL syntax near 's Linen Home'' at line 1 and You have an error in your SQL syntax near 's 800 number.'' at line 1 You need to use addslashes() on any string you insert into your query. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] strip single quotes
try this $address2 = str_replace(', '', $address) -Original Message- From: Daniel McCullough [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 1:48 PM To: [EMAIL PROTECTED] Subject: [PHP] strip single quotes I'm trying to query the database using a string pulled out of the database and compare and get the id. I can do it to a certain point and what kills my query is single quotes. I CANNOT figure out how to escape it. I DID THIS: $address2 = str_replace(', , $address); that worked on some, but not all. $address = stripslashes($store['address']); $address = str_replace(', , $address); $address = htmlspecialchars($address); $address = addslashes($address); anyone Some errors I have gotten back You have an error in your SQL syntax near 's Linen Home'' at line 1 and You have an error in your SQL syntax near 's 800 number.'' at line 1 _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] strip single quotes
I'm trying to query the database using a string pulled out of the database and compare and get the id. I can do it to a certain point and what kills my query is single quotes. I CANNOT figure out how to escape it. I DID THIS: $address2 = str_replace(', , $address); that worked on some, but not all. $address = stripslashes($store['address']); $address = str_replace(', , $address); $address = htmlspecialchars($address); $address = addslashes($address); anyone Some errors I have gotten back You have an error in your SQL syntax near 's Linen Home'' at line 1 and You have an error in your SQL syntax near 's 800 number.'' at line 1 You need to use addslashes() on any string you insert into your query. ---John W. Holmes... PHP Architect - A monthly magazine for PHP Professionals. Get your copy today. http://www.phparch.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php