| SitePoint Sponsor |
|
|
User Tag List
Results 1 to 9 of 9
-
Oct 28, 2009, 06:20 #1SitePoint Addict
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
MySQL strings suddenly being stored with escape slashes
I can't seem to figure out why, but suddenly MySQL strings are being stored with their 'escape' backslashes. My scripting language is PHP, and yes, magic_quotes are turned off.
My scripts, which use the 'mysql_real_escape_string' function, are not working as they should.
'mysql_real_escape_string("can't")' is now suddenly stored in the database as "can\'t".
Does anyone know why this might have suddenly started happening... or, more importantly... does anyone have any ideas on how to fix it?
-
Oct 28, 2009, 06:26 #2Follow Me On Twitter: @djg
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
You're double escaping the strings at some point, that's the only way it would happen. You need to look through your code -- everything that happens to the user input between the start of execution and executing the query.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 06:33 #3SitePoint Addict
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
This just suddenly started happening out of the blue.
Originally Posted by Dan Grossman
Inserting something as simple as:
...will result in a backslash before the quote.PHP Code:mysql_real_escape_string("abc'd");
Are there any MySQL settings I should check?
-
Oct 28, 2009, 06:36 #4Follow Me On Twitter: @djg
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Did you actually insert that example into the database, or just look at it in PHP? It should have the backslash in PHP, but not in the database.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 06:38 #5SitePoint Addict
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
There are backslashes in the actual database. =/ Originally Posted by Dan Grossman
-
Oct 28, 2009, 06:42 #6Follow Me On Twitter: @djg
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
You deflected: Did you insert that example into the database and look? I know there are backslashes from your real code already
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 07:32 #7SitePoint Addict
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think the problem only happens when scripts specifically in my main script folder send POST data to the database. Scripts from the root folder don't seem to have the problem. There is no INI file in the scripts folder.
-
Oct 29, 2009, 21:44 #8SitePoint Addict
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Well apparently copying the php.ini file from the root folder to the scripts folder seemed to do the trick. I thought a php.ini file applies to all subdirectories with no ini files of their own; ...guess I was wrong.
-
Oct 30, 2009, 02:02 #9SitePoint Wizard
- Join Date
- Dec 2005
- Posts
- 1,201
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I would prefer passing the values to be inserted, updated and selected in where condition in a wrapper functions and using auto escaping there.
Bookmarks