Re: [PHP-DB] Single quotes in INSERT statements?
Skip Evans wrote: Hello all, I'm brand spanking new to the list and have a quick question. I was under the impression that addslashes() would handle single quote marks in INSERT statements, but when I execute the following: $sql=UPDATE images SET orderno=$orderno, url='.addslashes($url).', banner=$banner,caption='.addslashes($caption).' WHERE imageID=$imageID; ...and $caption contains something like: Don't look ...the data is chopped off at the single quote mark. How, if not addslashes(), does one handle this? No, neither mysql_escape_string or mysql_real_escape_string worked. Yes, I am using MySQL, should have said that, sorry. But anyway, even with both of these functions, the data in the string containing the single quote as in Don't Look is still being truncated at the single quote mark. Any other suggestions would be greatly appreciated. Skip For the archives: Subject of this thread is misleading since the problem was not one of an INSERT failing but of HTML not displaying properly because of quotes or other special characters in the text in the database. Just goes to show that the best way to get the right answer is to analyze the problem accurately and ask the right question. David -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Single quotes in INSERT statements?
2006/4/26, [EMAIL PROTECTED] [EMAIL PROTECTED]: Skip Evans wrote: Hello all, I'm brand spanking new to the list and have a quick question. I was under the impression that addslashes() would handle single quote marks in INSERT statements, but when I execute the following: $sql=UPDATE images SET orderno=$orderno, url='.addslashes($url).', banner=$banner,caption='.addslashes($caption).' WHERE imageID=$imageID; ...and $caption contains something like: Don't look ...the data is chopped off at the single quote mark. How, if not addslashes(), does one handle this? No, neither mysql_escape_string or mysql_real_escape_string worked. Yes, I am using MySQL, should have said that, sorry. But anyway, even with both of these functions, the data in the string containing the single quote as in Don't Look is still being truncated at the single quote mark. Any other suggestions would be greatly appreciated. Skip For the archives: Subject of this thread is misleading since the problem was not one of an INSERT failing but of HTML not displaying properly because of quotes or other special characters in the text in the database. Just goes to show that the best way to get the right answer is to analyze the problem accurately and ask the right question. David Well, 80% of solving a problem is finding out what the problem is. If you ask them to solve that 80% on their own then asking for help is rather pointless. Anyway I agree that the subject was misleading, but this was caused by how he explained the problem, particularly on the assumption that addslashes was not doing what it was supposed to do so. What I advise is to avoid assumptions and just present the symptoms of the problem.
Re: [PHP-DB] Single quotes in INSERT statements?
Martin Alterisio wrote: 2006/4/26, [EMAIL PROTECTED] [EMAIL PROTECTED]: Skip Evans wrote: Hello all, I'm brand spanking new to the list and have a quick question. I was under the impression that addslashes() would handle single quote marks in INSERT statements, but when I execute the following: $sql=UPDATE images SET orderno=$orderno, url='.addslashes($url).', banner=$banner,caption='.addslashes($caption).' WHERE imageID=$imageID; ...and $caption contains something like: Don't look ...the data is chopped off at the single quote mark. How, if not addslashes(), does one handle this? No, neither mysql_escape_string or mysql_real_escape_string worked. Yes, I am using MySQL, should have said that, sorry. But anyway, even with both of these functions, the data in the string containing the single quote as in Don't Look is still being truncated at the single quote mark. Any other suggestions would be greatly appreciated. Skip For the archives: Subject of this thread is misleading since the problem was not one of an INSERT failing but of HTML not displaying properly because of quotes or other special characters in the text in the database. Just goes to show that the best way to get the right answer is to analyze the problem accurately and ask the right question. David Well, 80% of solving a problem is finding out what the problem is. If you ask them to solve that 80% on their own then asking for help is rather pointless. Anyway I agree that the subject was misleading, but this was caused by how he explained the problem, particularly on the assumption that addslashes was not doing what it was supposed to do so. What I advise is to avoid assumptions and just present the symptoms of the problem. The devil is in the detail, no? I'm not disagreeing with you, Martin. Clearly incorrect assumptions were made by the initial poster, and responses were consequently at first off-base. Far be it for me to discourage anyone from asking a question, well considered or not. And to be honest, I even rather enjoy those that are off-topic. My apologies if my preceding response seemed impatient or impolite. We all once were beginners, and I still have one or more brain dead moments each day. Reminds me I'm human. David -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] Single quotes in INSERT statements?
Geez, did I start all this? I can see now that my initial assumption that addslashes() was not doing what it was supposed to do was wrong, and that I should have checked the DB before firing off the message. Clearly I should have done more investigation on my own. (Which is often the case.) However, the initial response that was made about perhaps the field itself truncating the data tipped me off to what I should have done previously, look in the database, so once I did that it was clear what the problem was. And then another list member had mentioned htmlentities() and that lit the the old proverbial overhead bulb, and bingo: problem solved. Perhaps a zig zag, somewhat sloppy path to the solution, and I accept responsibility for that, but a solution nonetheless. I must confess I'm happy about that. I do apologize for my assumption starting a thread that was misnamed, and not doing the diligence thing before firing off the message. But I certainly do value and appreciate the assistance given. Skip [EMAIL PROTECTED] wrote: Martin Alterisio wrote: 2006/4/26, [EMAIL PROTECTED] [EMAIL PROTECTED]: Skip Evans wrote: Hello all, I'm brand spanking new to the list and have a quick question. I was under the impression that addslashes() would handle single quote marks in INSERT statements, but when I execute the following: $sql=UPDATE images SET orderno=$orderno, url='.addslashes($url).', banner=$banner,caption='.addslashes($caption).' WHERE imageID=$imageID; ...and $caption contains something like: Don't look ...the data is chopped off at the single quote mark. How, if not addslashes(), does one handle this? No, neither mysql_escape_string or mysql_real_escape_string worked. Yes, I am using MySQL, should have said that, sorry. But anyway, even with both of these functions, the data in the string containing the single quote as in Don't Look is still being truncated at the single quote mark. Any other suggestions would be greatly appreciated. Skip For the archives: Subject of this thread is misleading since the problem was not one of an INSERT failing but of HTML not displaying properly because of quotes or other special characters in the text in the database. Just goes to show that the best way to get the right answer is to analyze the problem accurately and ask the right question. David Well, 80% of solving a problem is finding out what the problem is. If you ask them to solve that 80% on their own then asking for help is rather pointless. Anyway I agree that the subject was misleading, but this was caused by how he explained the problem, particularly on the assumption that addslashes was not doing what it was supposed to do so. What I advise is to avoid assumptions and just present the symptoms of the problem. The devil is in the detail, no? I'm not disagreeing with you, Martin. Clearly incorrect assumptions were made by the initial poster, and responses were consequently at first off-base. Far be it for me to discourage anyone from asking a question, well considered or not. And to be honest, I even rather enjoy those that are off-topic. My apologies if my preceding response seemed impatient or impolite. We all once were beginners, and I still have one or more brain dead moments each day. Reminds me I'm human. David -- Skip Evans Big Sky Penguin, LLC 61 W Broadway Butte, Montana 59701 406-782-2240 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP-DB] PostgreSQL functions missing
Hi, My sys admin installed an update to H-Sphere (control panel software) that broke PEAR::DB and phpBB last week. After much trial and error, I finally tracked it down to missing pg_affected_rows() and pg_cmdtuples() functions (for PEAR and phpBB respectively) in PHP. I'm assuming that the H-Sphere update also included an upgrade for PHP and they didn't compile it right. Does anyone know how we can fix this? Does Psoft (the company that makes H-Sphere) have to recompile libpq? The server is currently running PHP 4.4.2 and PosgreSQL 7.4.11. Any insight would be much appreciated. Thanks in advance, Tony -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php