[PHP-DB] Addslashes / DB Sort
PHP / MySQL I'm using PHP to retrieve user input and store it in MySQL. PHP's addslashes function is used on data going into the database and PHP's stripslashes function is being used on data coming from the database. This is allowing me to store and retrieve data with no problems, but it's causing problems when trying to sort data. In particular, data with double or single quotes is getting escaped, which changes it's position in the sort. For example, without using addslashes, I can sort by Title and end up with the following results: 'Pizza' For Techies Drinking Beer The OOP Way The World According To Linus But. if I use addslashes and try to sort by Title, I end up with: Drinking Beer The OOP Way The World According To Linus \'Pizza\' For Techies Is there a way to account for this? Thanks, Ed
Re: [PHP-DB] Addslashes / DB Sort
On Tuesday 28 September 2004 02:49, Ed Lazor wrote: I'm using PHP to retrieve user input and store it in MySQL. PHP's addslashes function is used on data going into the database Use the more specific mysql_escape_string() (or friend) instead. and PHP's stripslashes function is being used on data coming from the database. You're not supposed to use stripslashes() on data coming from the database -- read up on addslashes() and also search manual for magic quotes. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-db -- /* The best way to hold a man is in your arms -- Murphy's Laws on Sex n18 */ -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] Addslashes / DB Sort
Use the more specific mysql_escape_string() (or friend) instead. You're not supposed to use stripslashes() on data coming from the database Kk, thanks Jason =) -Ed -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php