SitePoint Sponsor

User Tag List

Results 1 to 12 of 12
  1. #1
    SitePoint Evangelist
    Join Date
    Mar 2004
    Location
    Fort Lauderdale
    Posts
    522
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    magic quotes is off, now what?

    mysql_real_escape_string is not working when I want to escape the "unsafe" characters.

    how have you done it?

  2. #2
    SitePoint Wizard
    Join Date
    Oct 2001
    Location
    Tucson, Arizona
    Posts
    1,858
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You said the function isn't "working," but could you please elaborate a little? In your mind, what exactly isn't working about it?

  3. #3
    SitePoint Evangelist
    Join Date
    Mar 2004
    Location
    Fort Lauderdale
    Posts
    522
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have tried these functions with magic quotes being off and none of those give me the slashes. Here are the functions I have used:

    mysql_escape_string,
    addslashes

    the thing is = when I print the variable that I am sending to database, it echos with slashes, yet when I check the database, it doesnt show any slashes there. I thought - maybe my mysql setting somehow automatically deletes them?
    what do you think?

    $r = "I don't know what this is.";
    $Test = addslashes($r);
    echo $Test; = this produces "I don\'t know what this is."

    but when I look at the database through phpmyadmin - the "\" is gone!!!

    Thanks

  4. #4
    SitePoint Evangelist
    Join Date
    Mar 2004
    Location
    Fort Lauderdale
    Posts
    522
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I even used the new pearDB::$db->escapeSimple();

    that one produces the slashes but when they go to the database, the slashes are gone!

    I am really confused....it must be somethign in mysql!

  5. #5
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    For your information: you do not want slashes in the database. The mysql_escape_string() and addslashes() functions exist to escape data for insertion into the database.

  6. #6
    SitePoint Addict
    Join Date
    Jan 2002
    Location
    Southwest Florida
    Posts
    393
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by photo312
    "I don\'t know what this is."
    What Kilroy said..... The slash in there before the apostrophe means "This is an apostrophe, not a string delimiter, and treat it as such." Thus, php sends the string to the MySQL db with the apostrophe intact, rather than thinking that maybe $Test should be "I don" and then choking on "t know what this is."

  7. #7
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's what I meant

  8. #8
    SitePoint Addict
    Join Date
    Jan 2002
    Location
    Southwest Florida
    Posts
    393
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I know, I just thought photo312 might benefit from a tad more information.

    It took me some effort to get my head around the same concept when I was learning about addslashes, and I remember being confused about the exact same thing.

  9. #9
    If it aint Dutch it aint much Kilroy's Avatar
    Join Date
    Oct 2003
    Location
    The Netherlands
    Posts
    406
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Me too, as a matter of fact, most people are and that's the reason they come to these forums

  10. #10
    SitePoint Wizard
    Join Date
    Oct 2001
    Location
    Tucson, Arizona
    Posts
    1,858
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Because of the misconceptions explained above, another common mistake is to use stripslashes() when displaying data from the database. Resist the temptation to make this mistake---data coming from a database should already be slash-free.

  11. #11
    Afraid I can't do that Dave Hal9k's Avatar
    Join Date
    Mar 2004
    Location
    East Anglia, England.
    Posts
    640
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Very valuable thread in regards to the above topic:
    http://www.sitepoint.com/forums/show...=162711&page=1

    47% more sass begs the question to what the previous level was.

  12. #12
    SitePoint Evangelist
    Join Date
    Mar 2004
    Location
    Fort Lauderdale
    Posts
    522
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh...o.k.e.y. I got it now...


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •