SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Location
    Tampa, Fl
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question about mysql_real_escape_strings

    Hi there, I have a question. What is the best way to extract information from MySQL when I have used mysql_real_escape_strings to insert it.

    The problem i'm having is, when I insert something like this and then retrieve it, the link won't work.
    HTML Code:
    <a href="http://www.mysite.com/">My Site</a>
    The source code outputs this.
    HTML Code:
    <a href=\"http://www.mysite.com/\">My Site</a>

    Is there a function that I can wrap around the variables so that the links and all HTML will be parsed like it's suppose to? Here is the PHP code.

    PHP Code:
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>Website</title>
    <link rel="stylesheet" media="screen" type="text/css" href="green_css.css" />
    </head>

    <body>
    <?php
    include('inc/mysql.php');
    MYSQL_CON();

    $sql "SELECT * FROM news ORDER BY newsID DESC LIMIT 2";
        
    $result mysql_query($sql);
            
    ?>
    <div id="wrapper">
        <div id="header">
            <div class="webname">Web Name</div>
            <div class="webslogan">Slogan Here</div>
        </div>
            <div class="subheader"></div>
        <div id="content">
     <?php  
        
    while($news mysql_fetch_object($result)) {
        echo
    '     <div class="news">'."\n";
        echo
    '       <div class="title">'.$news->newsTitle."</div>\n";
        echo
    '       <div class="date">'.$news->newsDate."</div>\n";
        echo
    '       <div class="newsbody">'.$news->newsBody."</div>\n";
        echo
    "   </div>\n";
        }
    ?>    
        </div><!--End of Content division-->
            <div class="subcontent"></div><!--End of SubContent-->
        <div id="footer"></div><!--End of Footer Division-->


    </div> <!--End of Wrapper Division-->
    </body>
    </html>
    Thanks for your help!

  2. #2
    Programming Since 1978 silver trophybronze trophy felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, NSW, Australia
    Posts
    16,875
    Mentioned
    25 Post(s)
    Tagged
    1 Thread(s)
    PHP Code:
    while($news mysql_fetch_object($result)) {
        echo
    '     <div class="news">'."\n";
        echo
    '       <div class="title">'."$news->newsTitle</div>\n";
        echo
    '       <div class="date">'."$news->newsDate</div>\n";
        echo
    '       <div class="newsbody">'."$news->newsBody</div>\n";
        echo
    "   </div>\n";
        } 
    Stephen J Chapman

    javascriptexample.net, Book Reviews, follow me on Twitter
    HTML Help, CSS Help, JavaScript Help, PHP/mySQL Help, blog
    <input name="html5" type="text" required pattern="^$">

  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Location
    Tampa, Fl
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hello FelGall, I copied and pasted your code, which isn't any different than mine and i still get the same result, when I view the source code, I see this
    HTML Code:
    <a href=\"http://www.mysite.com/\">My Site</a>
    Thank you for trying to help me.

  4. #4
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Yojance View Post
    Hello FelGall, I copied and pasted your code, which isn't any different than mine and i still get the same result, when I view the source code, I see this
    HTML Code:
    <a href=\"http://www.mysite.com/\">My Site</a>
    Thank you for trying to help me.
    I think what's happening is you have magic_quotes enabled on the server which is putting those slashes in.. you should check if gpc_magic_quotes is enabled and if it is run stripslashes on all your $_REQUEST data then do mysql_real_escape_string.. something like this-
    PHP Code:
    /* disable magic quotes if it hasn't already been done in php.ini */
    if (get_magic_quotes_gpc()) {
        function 
    stripslashes_deep($value)
        {
            
    $value is_array($value) ?
                        
    array_map('stripslashes_deep'$value) :
                        
    stripslashes($value);

            return 
    $value;
        }

        
    $_POST array_map('stripslashes_deep'$_POST);
        
    $_GET array_map('stripslashes_deep'$_GET);
        
    $_COOKIE array_map('stripslashes_deep'$_COOKIE);
        
    $_REQUEST array_map('stripslashes_deep'$_REQUEST);


  5. #5
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Location
    Tampa, Fl
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi catweasel, am I just suppose to copy and paste that on top of my code?
    Thanks for your help!

  6. #6
    SitePoint Evangelist catweasel's Avatar
    Join Date
    Apr 2007
    Location
    Goldfields, VIC, Australia
    Posts
    518
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Yojance View Post
    Hi catweasel, am I just suppose to copy and paste that on top of my code?
    Thanks for your help!
    Just stick it somewhere at the top of your file.. and once it's there make sure you always use msyql_real_escape_string

  7. #7
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Location
    Tampa, Fl
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you Thank you Thank you.

    It works like a charm


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •