  1. #1
    SitePoint Member
    Join Date
    Jun 2008
    Posts
    16

    single quote insert problem

    Hi,

    can anyone help? I can't seem to get the single quotes to insert in a (daylog)textarea. I'm using the $daylog = mysql_real_escape_string($daylog);...am I missing something? Thanks much in advance! Fagin

    PHP Code:

    if ($go_on == true) {
        if (isset($_POST['submit'])) {
            $member = $_SESSION['login_id'];

            $recurrence_state = '';
            if ($recurrence = method_vars('recurrence') and
                    $recurrence == 'permanent') {
                $recurrence_state = 'permanent';
            }
            $daylog = mysql_real_escape_string($daylog);
            echo "<p><b>" . $txt["Following_App_Added"] . ":</b></p>\n<p>";
            for ($i = 0; $i < $num; $i++) {
                $ins = "INSERT INTO " . $table . " (name,
                                                    address,
                                                    type,
                                                    daylog,
                                                    cap,
                                                    type,
                                                    block,
                                                    state)
                        VALUES ('$member[$i]',
                                '$address',
                                '$type',
                                '$daylog',
                                '$cap',
                                'guard',
                                '" . method_vars('block') . "',
                                '" . $state . "')"

  2. #2
    Visible Ninja bronze trophy
    JeffWalden's Avatar
    Join Date
    Sep 2002
    Location
    Los Angeles
    Posts
    1,709
    What is the actual value of the variable $daylog at the point when you're passing it to mysql_real_escape_string()?
    TAKE A WALK OUTSIDE YOUR MIND.

  3. #3
    SitePoint Member
    Join Date
    Jun 2008
    Posts
    16
    The value of $daylog could be anything a user would like to enter in the textarea...It could be "Jame's input was well received" for example.

  4. #4
    Visible Ninja bronze trophy
    JeffWalden's Avatar
    Join Date
    Sep 2002
    Location
    Los Angeles
    Posts
    1,709
    Right. I guess my point was to determine if the variable $daylog actually contains data going into the function. Then, look at the data coming out of the function. Is it performing as you expected?

    I generally use addslashes() as part of my data cleanup process before sending it to the database.
    TAKE A WALK OUTSIDE YOUR MIND.

  5. #5
    Non-Member
    Join Date
    Apr 2011
    Location
    no fixed address
    Posts
    851
    I think Jeff was asking to check the actual value of $daylog, not what it should be.

    Perhaps try this to help debug your code
    PHP Code:
    echo '$daylog (before) = '.$daylog.'<br />';

    $daylog = mysql_real_escape_string($daylog);

    echo '$daylog (after) = '.$daylog.'<br />';
    die();

  6. #6
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Not all of this is your issue, though they could be contributing to code problems in general.

    1) there is no "and" in php or other c dialect languages
    http://php.net/manual/en/language.op...comparison.php

    2) some consistent formatting/indentation might make it clearer what's going on.

    3) if $go_on is a bool, (or at least will return false for false) there's no reason to ==

    4) you should probably choose a method of string formatting and stick with it, instead of using four different methods of string building in one declaration. You've got some where you close the "" and add, you've got some where you don't, you've got some where you array, some where you don't... It's a confusing mess.

    5) this is your most likely culprit
    '$member[$i]'

    That's inside double quotes, and double quote escapes cannot resolve array indexes by another variable... which is part of why I think it's silly to even use double quotes in the first place in PHP for strings except when you really want to manually escape chars, or when you want single quotes without escapes.

    something more like:
    Code:
    if ($go_on) {
    	if (isset($_POST['submit'])) { 
    	
    		$member = $_SESSION['login_id']; 
    		
    		$recurrence_state=( 
    			($recurrence=method_vars('recurrence')) &&
    			($recurrence=='permanent')
    		) ? 'permanent' : '';
    		
    		$daylog=mysql_real_escape_string($daylog); 
    		
    		echo '
    			<p>
    				<b>',$txt['Following_App_Added'],':</b>
    			</p>
    			<p>';
    			
    		for ($i=0; $i<$num; $i++) { 
    			$ins = "
    				INSERT INTO ".$table."
    				(
    					name, 
    					address, 
    					type, 
    					daylog, 
    					cap,	
    					type, 
    					block, 
    					state
    				)	VALUES (
    					'".$member[$i]."', 
    					'".$address."', 
    					'".$type."', 
    					'".$daylog."', 
    					'".$cap."',  
    					'guard', 
    					'".method_vars('block')."', 
    					'".$state."'
    				)";
    Would probably work... though honestly, do yourself a favor, get OUT of 2003, and switch to mysqli or PDO, then you don't have to worry about nonsense like mysql_real_escape_blah_blah_blah_namespace_too_blasted_long thanks to prepared queries. PDO's ability to pass the array as the parameter and to re-use the same query would really be sweet in a case like this.

    Code:
    if ($go_on) {
    
    	if (isset($_POST['submit'])) { 
    	
    		$member = $_SESSION['login_id']; 
    		
    		$recurrence_state=( 
    			($recurrence=method_vars('recurrence')) &&
    			($recurrence=='permanent')
    		) ? 'permanent' : '';
    		
    		echo '
    			<p>
    				<b>',$txt['Following_App_Added'],':</b>
    			</p>
    			<p>';
    			
    		$statement=$dbPDO->prepare("
    			INSERT INTO ".$table."
    			(name,address,type,daylog,cap,type,block,state)
    			VALUES
    			(?,?,?,?,?,?,?,?)
    		");
    			
    		for ($i=0; $i<$num; $i++) { 
    			$statement->execute(array(
    				$member[$i], 
    				$address, 
    				$type, 
    				$daylog, 
    				$cap,  
    				'guard', 
    				method_vars('block'), 
    				$state
    			));
    There's a reason the normal mysql_ functions should have gone the way of the dodo along with php4.

  7. #7
    SitePoint Member
    Join Date
    Jun 2008
    Posts
    16

    problem solved!

    Gosh!

    Sorry y'all

    There was nothing wrong with my $daylog = mysql_real_escape_string($daylog);

    I just was adding it to the wrong table!

    Too many tables on one page and not enough coffee!


    Thanks everyone for your help.

  8. #8
    Visible Ninja bronze trophy
    JeffWalden's Avatar
    Join Date
    Sep 2002
    Location
    Los Angeles
    Posts
    1,709
    For debugging purposes you may want to start echoing the MySQL error information if the query fails. If you were doing that, you would have noticed exactly what the problem was and saved yourself a whole lot of time.
    TAKE A WALK OUTSIDE YOUR MIND.
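
The prepared-statement approach suggested in post #6 and the error reporting suggested in post #8, combined in one added example that is not code from any poster in this thread. It assumes the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL); the table names, columns, the `insertDaylogs()` helper and all sample values are constructed for illustration.

```php
<?php
// Added example: constructed schema and values; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
// Throw a PDOException on any SQL error instead of failing silently.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE appointments (name TEXT, address TEXT, daylog TEXT, state TEXT)');
$db->exec('CREATE TABLE members (name TEXT, address TEXT)'); // no daylog column

// Hypothetical helper. Identifiers cannot be bound as parameters, so the
// table name is checked against a fixed allow-list before concatenation.
function insertDaylogs(PDO $db, string $table, array $members,
                       string $address, string $daylog, string $state): int
{
    if (!in_array($table, ['appointments', 'members'], true)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // Prepared once, executed once per member; the values never become SQL text.
    $stmt = $db->prepare(
        "INSERT INTO $table (name, address, daylog, state) VALUES (?, ?, ?, ?)"
    );
    $rows = 0;
    foreach ($members as $member) {
        $stmt->execute([$member, $address, $daylog, $state]);
        $rows += $stmt->rowCount();
    }
    return $rows;
}

// The sample value from post #3, passed through with no manual escaping.
$daylog = "Jame's input was well received";

$count = insertDaylogs($db, 'appointments', ['alice', 'bob'], '1 Example St', $daylog, 'open');
echo $count, " rows inserted\n";

// The quote comes back exactly as typed, with no backslash stored alongside it.
$stored = $db->query('SELECT daylog FROM appointments LIMIT 1')->fetchColumn();
var_dump($stored === $daylog);

// Pointing the same insert at the wrong table raises an error naming the problem.
try {
    insertDaylogs($db, 'members', ['alice'], '1 Example St', $daylog, 'open');
} catch (PDOException $e) {
    echo 'Query failed: ', $e->getMessage(), "\n";
}
```

In production the exception message belongs in a server-side log rather than in the page output, since it exposes table and column names.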

  9. #9
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Quote Originally Posted by deathshadow60 View Post
    1) there is no "and" in php or other c dialect languages
    http://php.net/manual/en/language.op...comparison.php
    In PHP you can actually use the words 'and' and 'or':

    PHP Code:
    <?php

    $one = true;
    $two = true;

    if ($one and $two) {
        echo "They're both true!";
    } else {
        echo "At least one of 'em isn't true!";
    }

    ?>

  10. #10
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    My bad, I missed the Logical Operators section -- though reading over the explanation of what makes them different from the Bitwise operators... they don't seem particularly logical; well, unless you're used to reverse polish notation.

    I'd still avoid them. Too ambiguous. I mean:

    $e = false || true; // returns true
    $f = false or true; // returns false?!?
    $g = true && false; // returns false...
    $h = true and false; // returns true?!?

    Ouch... no wonder I've NEVER seen them used in PHP code despite working in PHP for six to eight years.

  11. #11
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Yeah, this comes from the premise that = has a higher precedence than 'or' or 'and'.
    Thus, $f = false or true; is interpreted as ($f = false) or true; and is why you see things such as
    $res = mysqli_query($query) or die("Query failed!");
    Because precedence will evaluate $res = first. (If it evaluated the 'or' first, $res could only be assigned a boolean value.)

    Personally, I always stick to && and ||. (Which have higher precedence than =)
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

