  1. #1
    Dashman

    Updating MySQL data, use addslashes?

    Hi

    I have a system through which I can update articles, through a form and the updated data gets inserted back into the db.
    I have an issue now, where, whenever I try to update an article, I get a MySQL error, telling me that I have an error in my MySQL syntax near 'blah blah blah'.

    From what I can gather, MySQL is not liking the apostrophes used in some words in the article, e.g. don't, website's.

    I have used the following PHP to try and solve the issue:
    PHP Code:
    $body = addslashes($_POST['body']);
    but it does not seem to be making a difference.
    Has anyone got any suggestions?

    Cheers
    D

  2. #2
    php_daemon
    Saul

  3. #3
    mudshark
    For what it's worth, here's a little function I use to prepare incoming data for entering into a database:
    PHP Code:
    function sanitize($string){
        // Strip HTML tags; escape for MySQL unless magic quotes has already added slashes
        $string = (get_magic_quotes_gpc() == true) ? strip_tags($string) : mysql_real_escape_string(strip_tags($string));
        return $string;
    }

    See if that helps you out.

  4. #4
    Dashman
    thanks very much guys....
    php_daemon: mysql_real_escape_string solved the issue
    and
    mudshark: your function is going to prove extremely handy for me, in the sense that when I update each article, the same copy/content goes into a field for search text in my db, and I have thus far not been able to get only pure text into that field (i.e. without all the extra xhtml markup in the content)

    Thanks again both you guys,
    D

  5. #5
    mudshark
    Heh, I overlooked the fact that you're updating your own articles -- thus no fear of sql-injecting yourself I guess! Handy for search though, indeed. I'd never thought of it that way. Although of course you might as well stick to the one db field and use strip_tags when outputting to html...
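
The thread settles the apostrophe error by escaping the value; a prepared statement avoids the problem without any escaping, because the article text never becomes part of the SQL string. The following is an added example, not code from any poster in this thread: it assumes PDO with an in-memory SQLite database so that it runs offline, and the table and column names (articles, body, search_text) are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for MySQL; the articles table and its columns are hypothetical names.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, body TEXT, search_text TEXT)');
$pdo->exec("INSERT INTO articles (id, body, search_text) VALUES (1, '', '')");

function updateArticle(PDO $pdo, int $id, string $body): int
{
    // Placeholders keep the data out of the SQL text, so an apostrophe in
    // $body cannot end a string literal or change the statement.
    $stmt = $pdo->prepare(
        'UPDATE articles SET body = :body, search_text = :search WHERE id = :id'
    );
    $stmt->execute([
        ':body'   => $body,              // stored exactly as submitted
        ':search' => strip_tags($body),  // markup-free copy for the search field
        ':id'     => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed sample input standing in for $_POST['body'].
$submitted = "<p>Don't break the website's <em>update</em> form.</p>";
// Constructed value full of quote characters and SQL-looking text; with
// placeholders it is stored as plain data like any other string.
$quoted = "x', search_text = 'overwritten";

foreach ([$submitted, $quoted] as $body) {
    updateArticle($pdo, 1, $body);
    $row = $pdo->query('SELECT body, search_text FROM articles WHERE id = 1')
               ->fetch(PDO::FETCH_ASSOC);
    // The body round-trips unchanged; search_text holds the tag-free copy.
    var_dump($row['body'] === $body);
    echo $row['search_text'], PHP_EOL;
}
```

The same prepare/execute calls work against MySQL through PDO's mysql driver; only the connection string changes.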

