SitePoint Sponsor

User Tag List

Results 1 to 15 of 15
  1. #1
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, I have a string that might have a few ' in it, and I'm going to put this string into a database, with something like this:

    Code:
    ... VALUES (NULL, '$TheString' ...
    and I want to turn the ' into \' so that I wont get an error.

    I've tried
    Code:
    ereg_replace("'", "\'", $TheString)
    and
    Code:
    ereg_replace("'", "\\'", $TheString)
    but it doesn't work.

  2. #2
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $TheString = addslashes($TheString);

    before you insert it in to the database
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  3. #3
    SitePoint Evangelist
    Join Date
    Jul 2000
    Location
    Warwickshire, England
    Posts
    557
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need

    $TheString = stripslashes($TheString); //take out slashes
    $TheString = addslashes($TheString); //add them!

    <edit>
    Freddy made it before me!
    </edit>

  4. #4
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I tried that, but that puts slashes around " as well.

  5. #5
    SitePoint Evangelist
    Join Date
    Jul 2000
    Location
    Warwickshire, England
    Posts
    557
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    But if you use stripslashes when you retrieve [the content], what is the problem?

  6. #6
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, but I'd rather that the string be stored exactly as it was typed, and I'm pretty sure there must be a way with ereg_replace...

  7. #7
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You need the slashes behind the quotes so MySQL won't truncate the string. You can't have it in MySQL with a ' in the middle without the \'
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  8. #8
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I know that... Thats why I asked how to replace all the ' with \'....

  9. #9
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so what is the big deal with using addslashes() You don't want the " escaped as well is that the only reason? Why is it necessary:
    Yeah, but I'd rather that the string be stored exactly as it was typed, and I'm pretty sure there must be a way with ereg_replace...
    Not sure I follow you there with addslashes() and stripslashes() the slashes are only present when in the database.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  10. #10
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, if I send this to MySQL:
    Code:
    ... VALUES (NULL, 'Single quote: \', Double quote: \"' ...
    (which is what would happen if I use addslashes) It would get stored as
    Code:
    Single quote: ', Double quote: \"
    This is not good cause if I want to search the database using LIKE, and what I was searching for had a " in it, it wouldn't find it cause it's stored as \".

    But if I just change the ' into \', then I don't have that problem.

  11. #11
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Run addslashes() to the search phrase.
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  12. #12
    SitePoint Member
    Join Date
    Nov 2000
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, I figured out how to change just ' into \'. I used this:
    Code:
    if (get_magic_quotes_gpc()) $stringName = stripslashes($stringName);
    $stringName = ereg_replace("'", "\\'", $stringName);

  13. #13
    SitePoint Wizard jumpthru's Avatar
    Join Date
    Apr 2000
    Location
    Los Angeles, California
    Posts
    1,008
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    im confused, but whatever.

    quick question.

    if i say

    $filetext=file(file.txt); //or whatever the code is to get a file in an array

    then go $tmp=filetext[0]

    what if the first line of file.txt had a " or ' in it? would slashes automatically be added into the variable value? does this make since?

  14. #14
    Dumb PHP codin' cat
    Join Date
    Aug 2000
    Location
    San Diego, CA
    Posts
    5,460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good question have you tested it?
    Please don't PM me with questions.
    Use the forums, that is what they are here for.

  15. #15
    SitePoint Wizard jumpthru's Avatar
    Join Date
    Apr 2000
    Location
    Los Angeles, California
    Posts
    1,008
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    no, thats why i was asking. but i guess i am being lazy, might as well test it myself...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •