subject:"\[PHP\] Pesky quotes"

[PHP] Pesky quotes

2001-10-03 Thread René Fournier


A little problem with single quotes messing up an SQL SET statement...

I can type single quotes, double quotes--it seems, any 'special'
character--into a form, and so long as my PHP script tries to INSERT, UPDATE
or DELETE said row into the table, no problem.  But when I try to DUPLICATE
a row that already contains a single quote, the PHP code chokes on it--and
doesn't perform the query operation.  I realize that the code that does the
preprocessing is getting confused by any stray single quote (double quotes
are harmless).  What I don't know is how to get around this problem.  Here's
the code in question:

---
// DUPLICATE
   if ($action == dup) {

$result = mysql_query(SELECT * FROM $table WHERE id=$id,$db);
$myrow = mysql_fetch_array($result);

$comma = ;
echo $priv, br;
for ($i = $priv; $i  $columns; $i++) {
$fld = mysql_field_name($fields, $i);
$set .= $comma.$fld='.$myrow[$i].';
echo $set, br;
$comma = , ;
}

  // run SQL against the DB
  $sql = INSERT $table SET $set;
  $result = mysql_query($sql);

   $affected = $id;
   echo td width=10img border=0 src=../../common/spacer.gif width=10
height=1/tdtd align=center valign=middle bgcolor=#eespan
class=adminnormalgreyRecord duplicated/span/td;
}

---
And here's the echo'd $set:
---
lang='en'
lang='en', record='news.php'
lang='en', record='news.php', buttonname='News and Events'
lang='en', record='news.php', buttonname='News and Events', pagetitle='What
is Happening'
lang='en', record='news.php', buttonname='News and Events', pagetitle='What
is Happening', alttext='Breaking news on new SmartSlitter products and
upgrades, plus a list of trade show's where we will be exhibiting our
machines.'
---

Any help is much appreciated. Thanks!

...Rene

---
Rene Fournier
[EMAIL PROTECTED]


_
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] Pesky quotes

2001-10-03 Thread Philip Olson


I don't understand this question, maybe you're looking for :

  http://www.php.net/addslashes
  http://www.php.net/stripslashes
  http://www.php.net/manual/en/configuration.php#ini.magic-quotes-gpc

Looks like you have magic_quotes_gpc enabled.  Adjust accordingly.  Using
addslashes() on a string essentially does the same thing.

Regards,
Philip Olson


On Wed, 3 Oct 2001, [iso-8859-1] René Fournier wrote:

 A little problem with single quotes messing up an SQL SET statement...
 
 I can type single quotes, double quotes--it seems, any 'special'
 character--into a form, and so long as my PHP script tries to INSERT, UPDATE
 or DELETE said row into the table, no problem.  But when I try to DUPLICATE
 a row that already contains a single quote, the PHP code chokes on it--and
 doesn't perform the query operation.  I realize that the code that does the
 preprocessing is getting confused by any stray single quote (double quotes
 are harmless).  What I don't know is how to get around this problem.  Here's
 the code in question:
 
 ---
 // DUPLICATE
if ($action == dup) {
 
   $result = mysql_query(SELECT * FROM $table WHERE id=$id,$db);
   $myrow = mysql_fetch_array($result);
 
 $comma = ;
 echo $priv, br;
 for ($i = $priv; $i  $columns; $i++) {
   $fld = mysql_field_name($fields, $i);
 $set .= $comma.$fld='.$myrow[$i].';
   echo $set, br;
 $comma = , ;
   }
 
 // run SQL against the DB
 $sql = INSERT $table SET $set;
 $result = mysql_query($sql);
 
$affected = $id;
echo td width=10img border=0 src=../../common/spacer.gif width=10
 height=1/tdtd align=center valign=middle bgcolor=#eespan
 class=adminnormalgreyRecord duplicated/span/td;
   }
 
 ---
 And here's the echo'd $set:
 ---
 lang='en'
 lang='en', record='news.php'
 lang='en', record='news.php', buttonname='News and Events'
 lang='en', record='news.php', buttonname='News and Events', pagetitle='What
 is Happening'
 lang='en', record='news.php', buttonname='News and Events', pagetitle='What
 is Happening', alttext='Breaking news on new SmartSlitter products and
 upgrades, plus a list of trade show's where we will be exhibiting our
 machines.'
 ---
 
 Any help is much appreciated. Thanks!
 
 ...Rene
 
 ---
 Rene Fournier
 [EMAIL PROTECTED]
 
 
 _
 Do You Yahoo!?
 Get your free @yahoo.com address at http://mail.yahoo.com
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]
 



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

[PHP] Pesky quotes

Re: [PHP] Pesky quotes

2 matches

Site Navigation

Mail list logo

Footer information