Peter Jay Salzman wrote:
> Hi Mike,
> 
> To be perfectly honest, other than being a Microsoft thing, I
> don't really know what .NET is.  Pretty pathetic, huh?  :)
> 
> This is some PHP code on Linux.  I suspect it was originally
> written on a Microsoft operating system because when I edit
> the files, my editor reports the textfiles as being "dos"
> (they contain carriage-return and linefeeds at the end of each line).
> 
> I hear you about the []; I *wish* I could use them.  Proper
> quoting inside of PHP is very painful:
> 
> 
>        $query = "INSERT INTO $database_table
>           (id, day, month, date, year, category, title, body,
>           showpref) VALUES (null,
>           '" . sqlite_escape_string($_POST['the_day'])      . "',
>           '" . sqlite_escape_string($_POST['the_month'])    . "',
>           '" . sqlite_escape_string($_POST['the_date'])     . "',    
> (snip) 
> 
> The stuff that looks quoted (the middle section) is actually
> the stuff outside the language quotes, but inside the quoted
> quotes.  Gruesome.
> 
> But if I don't use sqlite_escape_string, single quotes cause
> a "SQL logic or missing database" error.
> 
> But then, if I use sqlite_escape_string, I have to test
> get_magic_quotes_gpc and use stripslashes, as Eugene
> recommended.  Hard to believe there isn't a better way of doing this!
> 
> Pete
> 
> 
> 
> On Thu 17 Mar 05,  5:59 AM,
> [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> said:
>> Are you using the SQLite .NET provider?  Just curious, anyway, SQLite
>> also supports using [ ] instead of  " " and believe me it's a good
>> thing, using " " as delimiters is a poor choice considering this
>> conflicts with almost all languages when it comes to string
>> concatenation. In fact, I recommend using [ ] over " " all of the time,
>> however, the SQLite .NET managed driver has issues with the [ ]
>> delimiter style. 
>> 
>> 
>>> I've nearly completed converting Wheatblog to sqlite.  It's been
>>> quite a learning experience!  I've come across a problem I haven't
>>> been able to figure out, though.
>>> 
>>> Whenever I made a blog post that had a forward quote character (')
>>> in either the title or the body of the post, I'd get an error.
>>> 
>>> After a little Googling, I changed my query to:
>>> 
>>> 
>>>       $query = "INSERT INTO $database_table
>>>          (id, day, month, date, year, category, title, body,
>>>          showpref)          VALUES (null, '" .
>>>          sqlite_escape_string($_POST['the_day'])      . "', '" .
>>>          sqlite_escape_string($_POST['the_month'])    . "', '" .
>>>          sqlite_escape_string($_POST['the_date'])     . "', '" .
>>>          sqlite_escape_string($_POST['the_year'])     . "', '" .
>>>          sqlite_escape_string($_POST['the_category']) . "', '" .
>>>          sqlite_escape_string($_POST['the_title'])    . "', '" .
>>>          sqlite_escape_string($_POST['the_body'])     . "', '" .
>>>          sqlite_escape_string($_POST['the_showpref']) . "')";
>>> 
>>>       DB_query($query, $db);
>>> 
>>> and the definition of DB_query is:
>>> 
>>> 
>>>    function DB_query($cmd, $db)
>>>    {
>>>       $retval = sqlite_query($db, "$cmd")
>>>          or die('Query Error: ' .
>>>             sqlite_error_string(sqlite_last_error($db)));
>>> 
>>>       return $retval;
>>>    }
>>> 
>>> This works in the sense that forward quotes no longer generate an
>>> error. However, whenever I print out a blog post, the forward
>>> quotes are all escaped.   So if I post: 
>>> 
>>>    This contains a ' character.
>>> 
>>> The post, when printed looks like:
>>> 
>>>    This contains a \' character.
>>> 
>>> What's the proper way to ensure that ' characters are properly
>>> quoted but don't show up in the output?

dos2unix "filename"      will remove the trailing carriage returns

reid
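
The quoting problem in the quoted thread, reproduced and then avoided with bound parameters. This is an added example, not Wheatblog code or anything posted by the participants. It assumes PHP with the PDO SQLite driver; the table `posts`, the helper `sql_quote_escape()` (a stand-in for sqlite_escape_string) and the sample input are constructed for illustration, and addslashes() stands in for what magic_quotes_gpc did to $_POST values.

```php
<?php
// Added example: constructed table and input, not code from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');

// What the user typed into the form (constructed sample).
$typed = "This contains a ' character.";

// With magic_quotes_gpc enabled, PHP put a backslash in front of every
// quote in $_POST before the script saw it; addslashes() mimics that here.
$post_body = addslashes($typed);

// Hypothetical stand-in for sqlite_escape_string(): SQL escapes a single
// quote by doubling it. A backslash is NOT an escape character in an
// SQLite string literal, so it is stored as ordinary data.
function sql_quote_escape(string $s): string
{
    return str_replace("'", "''", $s);
}

// 1. The thread's approach: escape the already-slashed value and build the
//    statement by concatenation. The query is valid, but the backslash that
//    magic quotes added is now part of the stored text.
$db->exec("INSERT INTO posts (title, body) VALUES ('concat', '"
    . sql_quote_escape($post_body) . "')");

// 2. Undo magic quotes once at the input boundary (the stripslashes step
//    mentioned in the thread), then pass the value as a bound parameter.
//    The value never becomes part of the SQL text, so no quote escaping is
//    needed and a quote in the input cannot terminate the string literal.
$raw  = stripslashes($post_body);
$stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (:title, :body)');
$stmt->execute([':title' => 'bound', ':body' => $raw]);

// Print both rows to compare what was actually stored.
foreach ($db->query('SELECT title, body FROM posts ORDER BY id') as $row) {
    printf("%-6s %s\n", $row['title'], $row['body']);
}
```

The row inserted by concatenation comes back with the backslash in it, which is the symptom described in the original post; the row inserted through the bound parameter comes back exactly as typed.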
