[PHP] addSlashes problem....5 lines code
Hi, I am getting some input from a client in a text area, the input is an sql statement, so I am using addslashes but the damn thing is not working...any idea why? Heres my code: if(isset($_POST['the_sql_command'])) { $the_sql_command=$_POST['the_sql_command']; $the_sql_command=addslashes($the_sql_command); }else{$the_sql_command=none;} I tested it out by entering this sql into the database: insert into testing_table values('bill o'reilly') Opening phpmyadmin I looked in the able and there are no slashes being applied.!! just this: insert into testing_table values('bill o'reilly') (and yes, I did try this too: $the_sql_command=addslashes($_POST['the_sql_command']); ) What am I missing? Cheers, -Ryan -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] addSlashes problem....5 lines code
On Monday 12 January 2004 12:31, Ryan A wrote: I am getting some input from a client in a text area, the input is an sql statement, so I am using addslashes but the damn thing is not working...any idea why? Heres my code: if(isset($_POST['the_sql_command'])) { $the_sql_command=$_POST['the_sql_command']; $the_sql_command=addslashes($the_sql_command); }else{$the_sql_command=none;} I tested it out by entering this sql into the database: insert into testing_table values('bill o'reilly') Opening phpmyadmin I looked in the able and there are no slashes being applied.!! just this: insert into testing_table values('bill o'reilly') (and yes, I did try this too: $the_sql_command=addslashes($_POST['the_sql_command']); ) What am I missing? Nothing (much). addslashes() _enables_ you to enter stuff which contains quotes into the DB properly, but the slashes are obviously not part of the data and hence not stored. To do want you want to do, you can try addslashes() on the data bit (ie: bill o'reilly), then addslashes() again on the entire $the_sql_command. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* The IBM 2250 is impressive ... if you compare it with a system selling for a tenth its price. -- D. Cohen */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] addSlashes problem....5 lines code
Hi, Thanks for replying. * addslashes() _enables_ you to enter stuff which contains quotes into the DB properly, but the slashes are obviously not part of the data and hence not stored. * but the whole sql statement is part of the data right? I mean I am saving the whole sql statement for later use into the db * To do want you want to do, you can try addslashes() on the data bit (ie: bill o'reilly), then addslashes() again on the entire $the_sql_command. * How do I do this? Thanks, -Ryan On Monday 12 January 2004 12:31, Ryan A wrote: I am getting some input from a client in a text area, the input is an sql statement, so I am using addslashes but the damn thing is not working...any idea why? Heres my code: if(isset($_POST['the_sql_command'])) { $the_sql_command=$_POST['the_sql_command']; $the_sql_command=addslashes($the_sql_command); }else{$the_sql_command=none;} I tested it out by entering this sql into the database: insert into testing_table values('bill o'reilly') Opening phpmyadmin I looked in the able and there are no slashes being applied.!! just this: insert into testing_table values('bill o'reilly') (and yes, I did try this too: $the_sql_command=addslashes($_POST['the_sql_command']); ) What am I missing? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] addSlashes problem....5 lines code
On Monday 12 January 2004 13:25, Ryan A wrote: addslashes() _enables_ you to enter stuff which contains quotes into the DB properly, but the slashes are obviously not part of the data and hence not stored. * but the whole sql statement is part of the data right? I mean I am saving the whole sql statement for later use into the db In this case, yes, the whole sql statement is the data that is to be entered into the DB. But when you come to use the sql statement the data bit is bill o'reilly and that needs to have another addslashes() on it. Effectively, you want it looking like this when you first insert it: insert into testing_table values(\'bill o\\\'reilly\') To do want you want to do, you can try addslashes() on the data bit (ie: bill o'reilly), then addslashes() again on the entire $the_sql_command. * How do I do this? I have no idea how to separate the data bit easily. Furthermore it all depends on what kind of sql statements you will be accepting. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* In defeat, unbeatable; in victory, unbearable. -- W. Churchill, on General Montgomery */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Addslashes problem (MSSQL)
Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)
What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Addslashes problem (MSSQL)[Scanned]
Kelvin, This link should be helpful: http://www.mysql.com/doc/en/String_syntax.html Regards, Michael Egan -Original Message- From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED] Sent: 20 March 2003 16:21 To: 'Lowell Allen' Cc: [EMAIL PROTECTED] Subject: RE: [PHP] Addslashes problem (MSSQL)[Scanned] What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Addslashes problem (MSSQL)
Read the user-contributed notes following the online manual info on addslashes: http://www.php.net/manual/en/function.addslashes.php -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 11:20:51 -0500 To: 'Lowell Allen' [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: RE: [PHP] Addslashes problem (MSSQL) What do you mean by It escapes single quotes with single quotes.? so let's say my $content is lalal 'lalalal' lalala then what do I have to do to $content in order to insert to my MSSQL table? -Original Message- From: Lowell Allen [mailto:[EMAIL PROTECTED] Sent: Thursday, March 20, 2003 11:20 AM To: PHP Subject: Re: [PHP] Addslashes problem (MSSQL) MS-SQL doesn't escape with slashes. It escapes single quotes with single quotes. -- Lowell Allen From: Poon, Kelvin (Infomart) [EMAIL PROTECTED] Date: Thu, 20 Mar 2003 10:58:02 -0500 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: [PHP] Addslashes problem (MSSQL) Hi, I have a problem that lets you add a record to a database. THere is a problem with it, and the following is the area of the program where it has problem. $created_date = date('m, d, Y'); $title = strip_tags($title); $keywords = strip_tags($keywords); $content = strip_tags($content); $product = strip_tags($product); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $keywords = addslashes($keywords); $product = addslashes($product); $content = addslashes($content); } $query = SELECT * FROM knowledgeBase; $result = mssql_query($query); $ID = mssql_num_rows($result); $ID += 1; $query2 = INSERT INTO knowledgeBase( ID, Title, Keywords, Content, [Created Date], [Updated Date], Product) VALUES( '.$ID.', '.$title.', '.$keywords.', '.$content.', '.$created_date.', 'Never', '.$product.'); $result2 = mssql_query($query2); where my $content value is osmethign like this. Step 1: Access the homepage Step 2: type in your username under the field 'username' and after the addslashes funciton there would be \ around the 'username' like this.. \'username\'and now after running this program I got an error message: Warning: MS SQL message: Line 14: Incorrect syntax near 'username'. (severity 15) in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 Warning: MS SQL: Query failed in d:\apache_docroots\internal.infomart.ca\infodesk\kb_add.php on line 119 does any body have any idea? I did the same thing with another problem but it worked fine. I have no idea what the problem is. I know I need to addslashes to the string since I am putting it in the valuable $query2..please advise.. THanks!. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] addslashes problem ..
I have to use addslashes on a string of mine so I can use it in a javascript function, so that when a link is clicked, a html textarea box is populated with that string. The problem I have is that if there are line breaks in the string, the br's seem to get created when addslashes is run on the string, then in the textarea box my string looks like: i can't do thatbrright nowbrbut maybe laterbr How can I get the slashes escaped properly, but keep the same format? I tried this: $RESPONSE = eregi_replace('br[[:space:]]*/?[[:space:]]*', \n, $RESPONSE); but it didn't work for me, it just kinda merged all the strings together, no line breaks (or br's) at all. Thanks, Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] addslashes problem ..
maybe i don't undestand correctly but try: $string = str_replace(br,\\n,$string); i.e escape the escape character \\n - Original Message - From: Chad Day [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, July 06, 2001 4:38 PM Subject: [PHP] addslashes problem .. I have to use addslashes on a string of mine so I can use it in a javascript function, so that when a link is clicked, a html textarea box is populated with that string. The problem I have is that if there are line breaks in the string, the br's seem to get created when addslashes is run on the string, then in the textarea box my string looks like: i can't do thatbrright nowbrbut maybe laterbr How can I get the slashes escaped properly, but keep the same format? I tried this: $RESPONSE = eregi_replace('br[[:space:]]*/?[[:space:]]*', \n, $RESPONSE); but it didn't work for me, it just kinda merged all the strings together, no line breaks (or br's) at all. Thanks, Chad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]