RE: [PHP-DB] stripSlashes function
You need to add slashes when putting data into
your database. When you want to display the data
from your database, that's when you strip the
slashes.
-Original Message-
From: Lisi [mailto:[EMAIL PROTECTED]]
Sent: May 20, 2002 5:33 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] stripSlashes function
I have a form that allows a person to enter an
announcement into a database
using a form. The form and the query work fine.
$query = INSERT INTO maztov (fullname1,
fullname2, city1, city2, email1,
email2, post_fullname, mazal_text, post_city,
post_email, other_emails,
entered) VALUES
('$fullname1','$fullname2','$city1','$city2','$ema
il1','$email2','$post_fullname','$mazal_text','$po
st_city','$post_email','$other_emails',
NOW());
$result = mysql_query($query);
Then I realized MagicQuotes was adding slashes to
my query, so I added this
line:
$query = stripSlashes($query);
before I executed the result. Now the result is no
longer executing, i.e.
the entry is not being added into the database.
When I echo the query before and after
stripslashes has been applied, it is
echoing exactly what I think it should. When I
comment out the line with
stripslashes, it works again but with adding
quotes.
What am I doing wrong?
Thanks,
-Lisi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] stripSlashes function
The slashes are being added by the MagicQuotes feature in PHP (I think)
when the form is submitted, and the slashes are being put into the database
but I don't want them there. When I echo the query it does have the
slashes, and when I echo it after applying stripslashes they are gone, but
then my query is not being executed.
At 04:33 AM 5/20/02 -0400, SP wrote:
You need to add slashes when putting data into
your database. When you want to display the data
from your database, that's when you strip the
slashes.
-Original Message-
From: Lisi [mailto:[EMAIL PROTECTED]]
Sent: May 20, 2002 5:33 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] stripSlashes function
I have a form that allows a person to enter an
announcement into a database
using a form. The form and the query work fine.
$query = INSERT INTO maztov (fullname1,
fullname2, city1, city2, email1,
email2, post_fullname, mazal_text, post_city,
post_email, other_emails,
entered) VALUES
('$fullname1','$fullname2','$city1','$city2','$ema
il1','$email2','$post_fullname','$mazal_text','$po
st_city','$post_email','$other_emails',
NOW());
$result = mysql_query($query);
Then I realized MagicQuotes was adding slashes to
my query, so I added this
line:
$query = stripSlashes($query);
before I executed the result. Now the result is no
longer executing, i.e.
the entry is not being added into the database.
When I echo the query before and after
stripslashes has been applied, it is
echoing exactly what I think it should. When I
comment out the line with
stripslashes, it works again but with adding
quotes.
What am I doing wrong?
Thanks,
-Lisi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] stripSlashes function
What I am saying is that you have to store the
slashes in your database. If you did not have the
slashes then your database insert would be screwed
up.
For example this would work fine if the variable
$fullname was Michael Dell but it would not work
if you had Michael O'Dell. Why not? Look what
happens to the sql statement if you don't escape
the ' or with a slash:
INSERT INTO maztov (fullname, email, address)
VALUES ('$fullname', '$email',
'$address')
INSERT INTO maztov (fullname, email, address)
VALUES ('Michael O'Dell',
'[EMAIL PROTECTED]', '123 Street')
You see the extra ' in the sql statement? So let
magic quotes insert the slashes when inputing text
but when you want to display it again then you
have to stripslashes.
-Original Message-
From: Lisi [mailto:[EMAIL PROTECTED]]
Sent: May 20, 2002 5:47 AM
To: SP; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] stripSlashes function
The slashes are being added by the MagicQuotes
feature in PHP (I think)
when the form is submitted, and the slashes are
being put into the database
but I don't want them there. When I echo the
query it does have the
slashes, and when I echo it after applying
stripslashes they are gone, but
then my query is not being executed.
At 04:33 AM 5/20/02 -0400, SP wrote:
You need to add slashes when putting data into
your database. When you want to display the data
from your database, that's when you strip the
slashes.
-Original Message-
From: Lisi [mailto:[EMAIL PROTECTED]]
Sent: May 20, 2002 5:33 AM
To: [EMAIL PROTECTED]
Subject: [PHP-DB] stripSlashes function
I have a form that allows a person to enter an
announcement into a database
using a form. The form and the query work fine.
$query = INSERT INTO maztov (fullname1,
fullname2, city1, city2, email1,
email2, post_fullname, mazal_text, post_city,
post_email, other_emails,
entered) VALUES
('$fullname1','$fullname2','$city1','$city2','$em
a
il1','$email2','$post_fullname','$mazal_text','$p
o
st_city','$post_email','$other_emails',
NOW());
$result = mysql_query($query);
Then I realized MagicQuotes was adding slashes to
my query, so I added this
line:
$query = stripSlashes($query);
before I executed the result. Now the result is
no
longer executing, i.e.
the entry is not being added into the database.
When I echo the query before and after
stripslashes has been applied, it is
echoing exactly what I think it should. When I
comment out the line with
stripslashes, it works again but with adding
quotes.
What am I doing wrong?
Thanks,
-Lisi
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit:
http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
