[PHP] apostrophes entered into MySQL database

2002-02-27 Thread Tim Thorburn

Hi,

I've sent a few emails thus far regarding adding apostrophes through a PHP 
script form into a MySQL database.  The responses I received indicated to 
me that I needed to get my hosting company to activate magic_quotes_gpc.

After several days of talking with what seems to be the sole tech support 
person left at my hosting company - I was told that the magic_quotes_gpc 
variable is not supported by them.

Sooo ... this leaves me in a rather awkward situation.  I need to have a 
basic content management system up and running in the extremely near future 
that will be utilized by a great number of individuals.  If, when an 
apostrophe is entered, all the information entered through the form is 
rejected by the database, the entire endeavour suddenly becomes rather 
useless.

I know that if I enter a \ before any apostrophes in the form, it all 
works well ... but I highly doubt that the large number of volunteers 
we're going to be working with here will take the time to add them, or even 
remember 5 minutes after I tell them.

Does anyone have any possible solutions for this problem?  I'll include the 
portion of code that seems to be causing the problems now ...

I'm already using the addslashes() command and it is not working ... I'm 
desperate at this point ...

Again, the following works flawlessly on my local test machine running 
Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web 
host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32

Thanks in advance,
-Tim


<?php
$db = mysql_connect("localhost", "", "");
mysql_select_db("edoinfo",$db);

if ($submit) {
// here if no ID then adding else we're editing
if ($id) {
$sql = "UPDATE ai_data SET section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW() WHERE id=$id";
} else {
 $sql = "INSERT INTO ai_data (section,subsection,heading,title,info,entry) VALUES ('$section','$subsection','$heading','$title','$info',NOW())";
}
// run SQL against the DB
$result = mysql_query($sql);
echo "Record updated/edited!<p>";
echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";

} elseif ($delete) {
// delete a record
 $sql = "DELETE FROM ai_data WHERE id=$id";

 $result = mysql_query($sql);

echo "$sql Record deleted!<p>";
echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";

} else {
// this part happens if we don't press submit
if (!$id) {
// print the list if there is not editing
 $result = mysql_query("SELECT * FROM ai_data",$db);
 while ($myrow = mysql_fetch_array($result)) {
 printf("<a href=\"%s?id=%s\" class='comcal'>%s</a> \n", $PHP_SELF, $myrow["id"], $myrow["title"]);

printf("<a href=\"%s?id=%s&delete=yes\" class='comcal'>(DELETE)</a><br>", $PHP_SELF, $myrow["id"]);
 }
}

?>
   <p> <a href="<?php echo $PHP_SELF?>" class="comcal">ADD A RECORD</a>
   <p> <form method="post" action="<?php echo $PHP_SELF?>">
   <?php
if ($id) {
// editing so select a record
$sql = "SELECT * FROM ai_data WHERE id=$id";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);

$id = $myrow["id"];
$section = $myrow["section"];
$subsection = $myrow["subsection"];
$heading = $myrow["heading"];
$title = addslashes($myrow["title"]);
$info = addslashes($myrow["info"]);
   $entry = $myrow["entry"];

// print the id for editing
?>
   <input type="hidden" name="id" value="<?php echo $id ?>">
   <?php
}
?>
 </td>
 <td align="left" valign="top">Section<font size="1"></font>:</td>
 <td align="left" valign="top">
   <input type="text" name="section" value="<?php echo $section ?>" size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
 </td>
   </tr>
   <tr>
 <td align="left" valign="top">Sub-Section: </td>
 <td align="left" valign="top">
   <input type="text" name="subsection" value="<?php echo $subsection ?>" size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
 </td>
   </tr>
   <tr>
 <td align="left" valign="top">Heading Graphic: </td>
 <td align="left" valign="top">
   <input type="text" name="heading" value="<?php echo $heading ?>" size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
 </td>
   </tr>
   <tr>
 <td align="left" valign="top">Section Title: </td>
 <td align="left" valign="top">
   <input type="text" name="title" value="<?php echo $title ?>" size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
 </td>
   </tr>
   <tr>
 <td align="left" valign="top" colspan="2">&nbsp;</td>
   </tr>
   <tr>
 <td align="left" valign="top">Document Information: </td>
 <td align="left" valign="top">
   <textarea cols="35" name="info" rows="5" <?php include('../../../scripts/forms.css'); ?>><?php echo

Re: [PHP] apostrophes entered into MySQL database

2002-02-27 Thread Julio Nobrega Trabalhando

  Why isn't addslashes() working? You addslashes then you stripslashes()
:-)

  Anyway, how about mysql_escape_string()?

--

Julio Nobrega.

One day I'll get there:
http://sourceforge.net/projects/toca

Did I help? Did I save the day? How about a little gift?
http://www.submarino.com.br/wishlistclient.asp?wlid=664176742884




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




Re: [PHP] apostrophes entered into MySQL database

2002-02-27 Thread Matt Drake

I don't see why addslashes wouldn't work, but why not roll your own?

$dbStr = preg_replace("/'/", "\\\\'");

I believe that, in MySQL, you can also double-up single quotes to escape
them:

$dbStr = preg_replace("/'/", "''");

HTH
Matt


Re: [PHP] apostrophes entered into MySQL database

2002-02-27 Thread Matt Drake

Whoops...helps if I write it legally.

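// escape each apostrophe with a backslash ...
$dbStr = preg_replace("/'/", "\\\\'", $dbStr);
// ... or double it instead (use one or the other, not both)
$dbStr = preg_replace("/'/", "''", $dbStr);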

M
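
Added example (not part of the original thread and not the posters' code): in the script posted above, addslashes() is applied to the $myrow values read back for the edit form, while the submitted form values reach the INSERT and UPDATE unescaped. The code below moves the escaping to the point where the statement is built, casts the unquoted id to an integer, and uses htmlspecialchars() for the form pre-fill. The helper names sql_text() and build_ai_data_sql() and the sample values are hypothetical; on current PHP versions bound parameters would replace the escaping.

```php
<?php
// Added example, not from the thread. Table and column names are the ones in
// Tim's script; the sample form values below are constructed.

// Quote a text value for use inside a MySQL statement. addslashes() is the
// escaper the thread already uses (assumption: single-byte character set).
function sql_text($value)
{
    return "'" . addslashes($value) . "'";
}

// Build the INSERT or UPDATE for ai_data from raw form values.
function build_ai_data_sql($form)
{
    $cols = array('section', 'subsection', 'heading', 'title', 'info');
    $vals = array();
    foreach ($cols as $c) {
        $vals[$c] = sql_text(isset($form[$c]) ? $form[$c] : '');
    }
    if (!empty($form['id'])) {
        // id is interpolated without quotes, so escaping cannot protect it:
        // force it to an integer instead.
        $id = (int) $form['id'];
        $set = array();
        foreach ($vals as $c => $v) {
            $set[] = "$c=$v";
        }
        return 'UPDATE ai_data SET ' . implode(',', $set) . ",entry=NOW() WHERE id=$id";
    }
    return 'INSERT INTO ai_data (' . implode(',', $cols) . ',entry) VALUES ('
         . implode(',', $vals) . ',NOW())';
}

// Constructed form submissions containing apostrophes.
$new = array('section' => "Volunteers' corner", 'title' => "Tim's page",
             'info' => "It's working", 'subsection' => '', 'heading' => '');
$edit = $new + array('id' => '12');

echo build_ai_data_sql($new), "\n";
echo build_ai_data_sql($edit), "\n";

// When a stored row is read back to pre-fill the form, the value goes into
// HTML, not SQL, so it needs htmlspecialchars() rather than addslashes().
$row = array('title' => "Tim's \"new\" page");  // constructed row
echo '<input type="text" name="title" value="'
   . htmlspecialchars($row['title'], ENT_QUOTES) . "\">\n";
```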
