Results 1 to 3 of 3
Aug 21, 2012, 06:24 #1
Disappearing back slashes on MySQL insert
I'm a bit baffled with this one. I have two separate INSERT INTO MySQL queries in different sections of my site. I have coded them the same from what i can tell but one insertes the backslashes into the database while the other does not. I am using OOP for my database queries so that part is exactly the same. If i look at the variables just before i insert them into the database in both scripts they have the backslashes.
This one doesnt insert the slashes into MySQL:
// insert the farm open day information into the database
$result = $database->query("INSERT INTO farm_open_days
(open_day_farm_name, open_day_farmer_name, farmer_row_id, open_day_title, open_day_description, open_day_start_date, open_day_start_time, open_day_finish_time)
// insert the user into database
$result = $database->query("INSERT INTO minfarm_users
(firstname, lastname, email, address01, address02, address03, town, country, postcode, tel01, accepted_tc_and_privacy, password, role, created, tokenhash, salt)
Aug 21, 2012, 06:33 #2
Ok, just tested my "working" script again. It seems that it doesnt insert the slashes if the form submits the first time without validation error but if their are validation errors and i have to resubmit the form it does add the slashes. Their must be something here that im just not understanding about how to deal with slashes when inserting into a MySQL database?
Aug 21, 2012, 07:04 #3
Whatever the problem is, it's almost certainly happening somewhere in all the code you haven't shown us. But just to wager a guess, here are a couple things you can try or keep your eyes open for. First thing to try: don't concatenate your variables into the SQL string. Use prepared statements. And second thing to keep your eyes open for: anywhere that you use stripslashes. Some scripts will strip slashes from the entire $_GET and $_POST arrays."Folks who know what they're doing make complexity seem simple."