[PHP] addSlashes problem....5 lines code

2004-01-11 Thread Ryan A
Hi,
I am getting some input from a client in a text area, the input is an sql
statement, so I am using addslashes but the damn thing is not working...any
idea why?

Here's my code:

if(isset($_POST['the_sql_command']))
 {
 $the_sql_command=$_POST['the_sql_command'];
 $the_sql_command=addslashes($the_sql_command);
 }else{$the_sql_command="none";}

I tested it out by entering this sql into the database:
insert into testing_table values('bill o'reilly')

Opening phpmyadmin I looked in the table and there are no slashes being
applied.!!
just this: insert into testing_table values('bill o'reilly')


(and yes, I did try this too:
$the_sql_command=addslashes($_POST['the_sql_command']);   )


What am I missing?

Cheers,
-Ryan

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] addSlashes problem....5 lines code

2004-01-11 Thread Jason Wong
On Monday 12 January 2004 12:31, Ryan A wrote:

> I am getting some input from a client in a text area, the input is an sql
> statement, so I am using addslashes but the damn thing is not working...any
> idea why?
>
> Here's my code:
>
> if(isset($_POST['the_sql_command']))
>  {
>  $the_sql_command=$_POST['the_sql_command'];
>  $the_sql_command=addslashes($the_sql_command);
>  }else{$the_sql_command="none";}
>
> I tested it out by entering this sql into the database:
> insert into testing_table values('bill o'reilly')
>
> Opening phpmyadmin I looked in the table and there are no slashes being
> applied.!!
> just this: insert into testing_table values('bill o'reilly')
>
> (and yes, I did try this too:
> $the_sql_command=addslashes($_POST['the_sql_command']);   )
>
> What am I missing?

Nothing (much). addslashes() _enables_ you to enter stuff which contains 
quotes into the DB properly, but the slashes are obviously not part of the 
data and hence not stored.

To do what you want to do, you can try addslashes() on the data bit (ie: bill 
o'reilly), then addslashes() again on the entire $the_sql_command.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
The IBM 2250 is impressive ...
if you compare it with a system selling for a tenth its price.
-- D. Cohen
*/




Re: [PHP] addSlashes problem....5 lines code

2004-01-11 Thread Ryan A
Hi,
Thanks for replying.

*
 addslashes() _enables_ you to enter stuff which contains
quotes into the DB properly, but the slashes are obviously not part of the
data and hence not stored.
*
but the whole sql statement is part of the data right? I mean I am saving
the whole sql statement for later use into the db

*
To do what you want to do, you can try addslashes() on the data bit (ie: bill
o'reilly), then addslashes() again on the entire $the_sql_command.
*
How do I do this?

Thanks,
-Ryan





Re: [PHP] addSlashes problem....5 lines code

2004-01-11 Thread Jason Wong
On Monday 12 January 2004 13:25, Ryan A wrote:

>  addslashes() _enables_ you to enter stuff which contains
> quotes into the DB properly, but the slashes are obviously not part of the
> data and hence not stored.
>
> *
> but the whole sql statement is part of the data right? I mean I am saving
> the whole sql statement for later use into the db

In this case, yes, the whole sql statement is the data that is to be entered 
into the DB. But when you come to use the sql statement the data bit is bill 
o'reilly and that needs to have another addslashes() on it.

Effectively, you want it looking like this when you first insert it:

  insert into testing_table values(\'bill o\\\'reilly\')


> To do what you want to do, you can try addslashes() on the data bit (ie: bill
> o'reilly), then addslashes() again on the entire $the_sql_command.
>
> *
> How do I do this?

I have no idea how to separate the data bit easily. Furthermore it all depends 
on what kind of sql statements you will be accepting.

-- 
Jason Wong - Gremlins Associates - www.gremlins.biz
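
The two levels of quoting discussed in this thread, as an added example that is not part of the original posts. It assumes PDO with the in-memory SQLite driver as a stand-in for the poster's database and a hypothetical saved_sql table, and it uses PDO::quote() and a bound parameter in place of nested addslashes() calls.

```php
<?php
// Added illustration; saved_sql and its columns are hypothetical names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testing_table (name TEXT)');
$db->exec('CREATE TABLE saved_sql (id INTEGER PRIMARY KEY, stmt TEXT)');

// Level 1: the value inside the statement that will be saved.
// quote() adds the delimiters and escapes the apostrophe for this driver.
$name  = "bill o'reilly";
$inner = 'insert into testing_table values(' . $db->quote($name) . ')';

// Level 2: the whole statement is now just data. A bound parameter is
// sent separately from the SQL text, so no escaping is applied to it.
$save = $db->prepare('INSERT INTO saved_sql (stmt) VALUES (?)');
$save->execute([$inner]);

// What the table holds is the statement exactly as it was built.
// Escape characters written for an outer INSERT are consumed by the
// SQL parser and are never part of the stored value.
$stored = $db->query('SELECT stmt FROM saved_sql WHERE id = 1')->fetchColumn();
var_dump($stored === $inner);

// Later use: the saved statement still carries its own level-1 quoting,
// so it parses and the original name comes back unchanged.
$db->exec($stored);
$back = $db->query('SELECT name FROM testing_table')->fetchColumn();
var_dump($back === $name);

echo $stored, PHP_EOL;
```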



[PHP] Addslashes problem (MSSQL)

2003-03-20 Thread Poon, Kelvin (Infomart)
Hi,

I have a problem that lets you add a record to a database.  There is a
problem with it, and the following is the area of the program where it has
problem.



$created_date = date('m, d, Y');

$title = strip_tags($title);
$keywords = strip_tags($keywords);
$content = strip_tags($content);
$product = strip_tags($product);


if (!get_magic_quotes_gpc()) {
$title = addslashes($title);
$keywords = addslashes($keywords);
$product = addslashes($product);
$content = addslashes($content);
}

$query = "SELECT * FROM knowledgeBase";
$result = mssql_query($query);

$ID = mssql_num_rows($result);
$ID += 1;

$query2 = "INSERT INTO knowledgeBase(
ID,
Title,
Keywords,
Content,
[Created Date],
[Updated Date],
Product)
   VALUES(
'".$ID."',
'".$title."',
'".$keywords."',
'".$content."',
'".$created_date."',
'Never',
'".$product."')";
$result2 = mssql_query($query2);



where my $content value is something like this.

Step 1: Access the homepage
Step 2: type in your username under the field 'username' 

and after the addslashes function there would be \ around the 'username'
like this..
\'username\'

and now after running this program I got an error message:

Warning: MS SQL message: Line 14: Incorrect syntax near 'username'.
(severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php
on line 119

Warning: MS SQL: Query failed in
d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119



Does anybody have any idea?  I did the same thing with another problem but
it worked fine.  I have no idea what the problem is.  I know I need to
addslashes to the string since I am putting it in the variable
$query2..please advise..

Thanks!
 




Re: [PHP] Addslashes problem (MSSQL)

2003-03-20 Thread Lowell Allen
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.

--
Lowell Allen




RE: [PHP] Addslashes problem (MSSQL)

2003-03-20 Thread Poon, Kelvin (Infomart)

What do you mean by "It escapes single quotes with single quotes."?

so let's say my $content is 

lalal 'lalalal' lalala


then what do I have to do to $content in order to insert to my MSSQL table?



RE: [PHP] Addslashes problem (MSSQL)[Scanned]

2003-03-20 Thread Michael Egan
Kelvin,

This link should be helpful:

http://www.mysql.com/doc/en/String_syntax.html

Regards,

Michael Egan




Re: [PHP] Addslashes problem (MSSQL)

2003-03-20 Thread Lowell Allen
Read the user-contributed notes following the online manual info on
addslashes: http://www.php.net/manual/en/function.addslashes.php

--
Lowell Allen

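
Why the backslashes break the INSERT, as an added example that is not part of the original posts. As an assumption, SQLite (via PDO, in memory) stands in for MS SQL Server, because it follows the rule Lowell describes: a single quote inside a string is escaped by doubling it, and a backslash does not escape a quote. The kb table is a hypothetical cut-down version of knowledgeBase.

```php
<?php
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kb (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed sample, modelled on the $content value in the post.
$content = "Step 2: type in your username under the field 'username'";

/** Run one INSERT and report whether the engine accepted it. */
function try_insert(PDO $db, string $sql): string
{
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// 1. addslashes(): the engine reads \' as a backslash followed by the
//    end of the string, so the rest of the statement no longer parses.
$r1 = try_insert(
    $db,
    "INSERT INTO kb (content) VALUES ('" . addslashes($content) . "')"
);

// 2. Doubling the quote is the escape this SQL dialect understands.
$doubled = str_replace("'", "''", $content);
$r2 = try_insert(
    $db,
    "INSERT INTO kb (content) VALUES ('" . $doubled . "')"
);

// 3. A bound parameter is sent apart from the SQL text, so it needs no
//    escaping and does not depend on the dialect's quoting rules.
$stmt = $db->prepare('INSERT INTO kb (content) VALUES (?)');
$stmt->execute([$content]);

echo "addslashes:     $r1\n";
echo "doubled quotes: $r2\n";
foreach ($db->query('SELECT id, content FROM kb') as $row) {
    echo $row['id'], ': ', $row['content'], "\n";
}
```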



[PHP] addslashes problem ..

2001-07-06 Thread Chad Day

I have to use addslashes on a string of mine so I can use it in a javascript
function, so that when a link is clicked, a html textarea box is populated
with that string.

The problem I have is that if there are line breaks in the string, the
<br>'s seem to get created when addslashes is run on the string, then in the
textarea box my string looks like:

i can't do that<br>right now<br>but maybe later<br>

How can I get the slashes escaped properly, but keep the same format?  I
tried this:

$RESPONSE = eregi_replace('<br[[:space:]]*/?[[:space:]]*>', "\n",
$RESPONSE);

but it didn't work for me, it just kinda merged all the strings together, no
line breaks (or br's) at all.

Thanks,
Chad


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]




Re: [PHP] addslashes problem ..

2001-07-06 Thread Adrian Murphy

maybe i don't understand correctly but try:
$string = str_replace("<br>","\\n",$string);

i.e escape the escape character  \\n

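
One way to get a PHP string with line breaks into a JavaScript call, as an added example that is not part of the original posts. It swaps addslashes() for json_encode(); the sample text and the fill() JavaScript function are assumptions made up for illustration.

```php
<?php
// Constructed sample: text that already contains <br> tags in several forms.
$response = "i can't do that<br />\nright now<br>but maybe later<BR/>";

// Turn every <br> variant, plus a line break that directly follows it,
// back into a single newline so the textarea shows real line breaks.
$plain = preg_replace('~<br\s*/?>\r?\n?~i', "\n", $response);

// addslashes() escapes the apostrophe but leaves the newline raw, and a
// raw newline inside a quoted JavaScript string is a syntax error.
$withAddslashes = "fill('" . addslashes($plain) . "');";

// json_encode() emits a complete JavaScript string literal: newlines
// become \n, and the JSON_HEX_* flags also encode quotes, <, > and &.
$jsLiteral = json_encode(
    $plain,
    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
);

// The literal sits inside an HTML attribute, so it is HTML-escaped too.
// fill() is a hypothetical function that sets the textarea's value.
$link = '<a href="#" onclick="fill('
      . htmlspecialchars($jsLiteral, ENT_QUOTES)
      . '); return false;">use this reply</a>';

echo $withAddslashes, "\n\n", $jsLiteral, "\n\n", $link, "\n";
```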