SitePoint Sponsor |
|
User Tag List
Results 1 to 9 of 9
-
Oct 28, 2009, 06:20 #1
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
MySQL strings suddenly being stored with escape slashes
I can't seem to figure out why, but suddenly MySQL strings are being stored with their 'escape' backslashes. My scripting language is PHP, and yes, magic_quotes are turned off.
My scripts, which use the 'mysql_real_escape_string' function, are not working as they should.
'mysql_real_escape_string("can't")' is now suddenly stored in the database as "can\'t".
Does anyone know why this might have suddenly started happening... or, more importantly... does anyone have any ideas on how to fix it?
-
Oct 28, 2009, 06:26 #2
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
You're double escaping the strings at some point, that's the only way it would happen. You need to look through your code -- everything that happens to the user input between the start of execution and executing the query.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 06:33 #3
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Oct 28, 2009, 06:36 #4
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
Did you actually insert that example into the database, or just look at it in PHP? It should have the backslash in PHP, but not in the database.
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 06:38 #5
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
-
Oct 28, 2009, 06:42 #6
- Join Date
- Aug 2000
- Location
- Philadephia, PA
- Posts
- 20,578
- Mentioned
- 1 Post(s)
- Tagged
- 0 Thread(s)
You deflected: Did you insert that example into the database and look? I know there are backslashes from your real code already
Try Improvely, your online marketing dashboard.
→ Conversion tracking, click fraud detection, A/B testing and more
-
Oct 28, 2009, 07:32 #7
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
I think the problem only happens when scripts specifically in my main script folder send POST data to the database. Scripts from the root folder don't seem to have the problem. There is no INI file in the scripts folder.
-
Oct 29, 2009, 21:44 #8
- Join Date
- Jan 2008
- Location
- Palm Harbor, FL
- Posts
- 348
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Well apparently copying the php.ini file from the root folder to the scripts folder seemed to do the trick. I thought a php.ini file applies to all subdirectories with no ini files of their own; ...guess I was wrong.
-
Oct 30, 2009, 02:02 #9
I would prefer passing the values to be inserted, updated and selected in where condition in a wrapper functions and using auto escaping there.
Bookmarks