Peter Jay Salzman wrote: > Hi Mike, > > To be perfectly honest, other than being a Microsoft thing, I > don't really know what .NET is. Pretty pathetic, huh? :) > > This is some PHP code on Linux. I suspect it was originally > written on a Microsoft operating system because when I edit > the files, my editor reports the textfiles as being "dos" > (they contain carriage-return and linefeeds at the end of each line). > > I hear you about the []; I *wish* I could use them. Proper > quoting inside of PHP is very painful: > > > $query = "INSERT INTO $database_table > (id, day, month, date, year, category, title, body, > showpref) VALUES (null, > '" . sqlite_escape_string($_POST['the_day']) . "', > '" . sqlite_escape_string($_POST['the_month']) . "', > '" . sqlite_escape_string($_POST['the_date']) . "', > (snip) > > The stuff that looks quoted (the middle section) is actually > the stuff outside the language quotes, but inside the quoted > quotes. Gruesome. > > But if I don't use sqlite_escape_string, single quotes cause > a "SQL logic or missing database" error. > > But then, if I use sqlite_escape_string, I have to test > get_magic_quotes_gpc and use stripslashes, and Eugene > recommended. Hard to believe there isn't a better way of doing this! > > Pete > > > > On Thu 17 Mar 05, 5:59 AM, > [EMAIL PROTECTED] > <[EMAIL PROTECTED]> said: >> Are you using the SQLite .NET provider? Just curious, anyway, SQLite >> also supports using [ ] instead of " " and believe me it's a good >> thing, using " " as delimiters is a poor choice considering this >> conflicts with almost all languages when it comes to string >> concatenation. In fact, I recommend use [ ] over " " all of the time, >> however, the SQLite .NET managed driver has issues with the [ ] >> delimiter style. >> >> >>> I've nearly completed converting Wheatblog to sqlite. It's been >>> quite a learning experience! I've come across a problem I haven't >>> been able to figure out, though. >>> >>> Whenever I made a blog post that had a forward quote character (') >>> in either the title or the body of the post, I'd get an error. >>> >>> After a little Googling, I changed my query to: >>> >>> >>> $query = "INSERT INTO $database_table >>> (id, day, month, date, year, category, title, body, >>> showpref) VALUES (null, '" . >>> sqlite_escape_string($_POST['the_day']) . "', '" . >>> sqlite_escape_string($_POST['the_month']) . "', '" . >>> sqlite_escape_string($_POST['the_date']) . "', '" . >>> sqlite_escape_string($_POST['the_year']) . "', '" . >>> sqlite_escape_string($_POST['the_category']) . "', '" . >>> sqlite_escape_string($_POST['the_title']) . "', '" . >>> sqlite_escape_string($_POST['the_body']) . "', '" . >>> sqlite_escape_string($_POST['the_showpref']) . "')"; >>> >>> DB_query($query, $db); >>> >>> and the definition of DB_query is: >>> >>> >>> function DB_query($cmd, $db) >>> { >>> $retval = sqlite_query($db, "$cmd") >>> or die('Query Error: ' . >>> sqlite_error_string(sqlite_last_error($db))); >>> >>> return $retval; >>> } >>> >>> This works in the sense that forward quotes no longer generate an >>> error. However, whenever I print out a blog post, the forward >>> quotes are all escaped. So if I post: >>> >>> This contains a ' character. >>> >>> The post, when printed looks like: >>> >>> This contains a \' character. >>> >>> What's the proper way to ensure that ' characters are properly >>> quoted but don't show up in the output?
dos2unix "filename" will remove the trailing carriage returns reid