  1. #1
    SitePoint Addict
    Join Date
    Jan 2008
    Location
    Palm Harbor, FL
    Posts
    348
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    MySQL strings suddenly being stored with escape slashes

    I can't seem to figure out why, but suddenly MySQL strings are being stored with their 'escape' backslashes. My scripting language is PHP, and yes, magic_quotes are turned off.

    My scripts, which use the 'mysql_real_escape_string' function, are not working as they should.
    'mysql_real_escape_string("can't")' is now suddenly stored in the database as "can\'t".

    Does anyone know why this might have suddenly started happening... or, more importantly... does anyone have any ideas on how to fix it?

  2. #2
    Dan Grossman (Follow Me On Twitter: @djg)
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You're double escaping the strings at some point, that's the only way it would happen. You need to look through your code -- everything that happens to the user input between the start of execution and executing the query.

  3. #3
    SitePoint Addict
    Quote, originally posted by Dan Grossman:
    > You're double escaping the strings at some point, that's the only way it would happen. You need to look through your code -- everything that happens to the user input between the start of execution and executing the query.

    This just suddenly started happening out of the blue.

    Inserting something as simple as:
    PHP Code:
    mysql_real_escape_string("abc'd"); 
    ...will result in a backslash before the quote.

    Are there any MySQL settings I should check?

  4. #4
    Dan Grossman
    Did you actually insert that example into the database, or just look at it in PHP? It should have the backslash in PHP, but not in the database.

  5. #5
    SitePoint Addict
    Quote, originally posted by Dan Grossman:
    > Did you actually insert that example into the database, or just look at it in PHP? It should have the backslash in PHP, but not in the database.

    There are backslashes in the actual database. =/

  6. #6
    Dan Grossman
    You deflected: Did you insert that example into the database and look? I know there are backslashes from your real code already.

  7. #7
    SitePoint Addict
    I think the problem only happens when scripts specifically in my main script folder send POST data to the database. Scripts from the root folder don't seem to have the problem. There is no INI file in the scripts folder.

  8. #8
    SitePoint Addict
    Well apparently copying the php.ini file from the root folder to the scripts folder seemed to do the trick. I thought a php.ini file applies to all subdirectories with no ini files of their own; ...guess I was wrong.

  9. #9
    PHPycho (SitePoint Wizard)
    Join Date
    Dec 2005
    Posts
    1,201
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would prefer passing the values to be inserted, updated and selected in the WHERE condition in wrapper functions and using auto escaping there.
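
An added example (not code from any poster in this thread) of the wrapper approach suggested in the last post, written with PDO bound parameters in place of mysql_real_escape_string. The names db_insert and db_fetch_body, the notes table and the in-memory SQLite database are assumptions made for the demo; the pre-escaped input is simulated with addslashes() to reproduce the stored backslash described in the first post.

```php
<?php
// Added example, constructed for illustration; not code from the thread.
// Runs offline against in-memory SQLite (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// Hypothetical wrapper: callers pass raw values and the wrapper binds them.
// Identifiers cannot be bound, so table and columns come from an allow-list.
function db_insert(PDO $pdo, string $table, array $row): int
{
    $allowed = ['notes' => ['body']]; // constructed schema
    $cols = array_keys($row);
    if ($cols === [] || !isset($allowed[$table])
        || array_diff($cols, $allowed[$table])) {
        throw new InvalidArgumentException('unknown table or column');
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', $cols),
        implode(', ', array_fill(0, count($cols), '?'))
    );
    $pdo->prepare($sql)->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

// Hypothetical read helper, also using a bound parameter.
function db_fetch_body(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = ?');
    $stmt->execute([$id]);
    return (string) $stmt->fetchColumn();
}

$raw = "can't"; // constructed sample input, as typed by a user

// An earlier layer has already slash-escaped the value before it reaches
// the database code (simulated here with addslashes()).
$preEscaped = addslashes($raw);

$idEscaped = db_insert($pdo, 'notes', ['body' => $preEscaped]);
$idRaw     = db_insert($pdo, 'notes', ['body' => $raw]);

// The pre-escaped row keeps its backslash in storage; the raw row does not.
echo 'pre-escaped input stored as: ', db_fetch_body($pdo, $idEscaped), PHP_EOL;
echo 'raw input stored as:         ', db_fetch_body($pdo, $idRaw), PHP_EOL;
```

A backslash that survives into the stored row means the value was escaped somewhere before the query boundary, so that upstream layer is where to look.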

