I have an issue with fetching inserted data from database. I have inserted a string CENTRALIZER,MOTOR 5.50" OD 3SS into database in PHP But when i try to fetch it from database on Linux server. It showing result like as:-
CENTRALIZER,MOTOR 5.50" OD 3SS i.e. not same as above.
Please help how to fix this issue online on Linux server.
It looks like you escape quotes before inserting into the database. Or before displaying the output.
But I can’t really tell without seeing your PHP code.
You can insert any string like CENTRALIZER,MOTOR 5.50" OD 3SS with special symbol like " into database, But when you fetch it, it automatically add \ in the string.
have you got my point?
Yes I understood that. But that doesn’t happen “automatically” (unless you have magic quotes enabled, but that has been deprecated for ages, so not very likely), there must be something in your code that does that. That’s why it would help if you could post the part of your code that inserts, retrieves and displays the data.
Doesn’t that happen automatically if you use PDO and bindparam() to store the data? I do a similar thing with no manual escaping of strings, but if any of them have quotes in they get escaped when the data is stored. I can’t say I have or have not got magicquotes enabled, but it’s a relatively new default WAMP installation.
But when you retrieve the data from the database with PDO, it doesn’t contain any escaped characters. That’s the difference between using add_slashes and mysqli/PDO string escaping.
Do you know how to view that row in the database?
If not I highly recommend installing MySQL Workbench.
Once MySQL Workbench is installed the can go and look at the data in raw form.
That should confirm to you what guido2004 is saying.
Which leads to the question at hand as to what process is inserting that data.
Disclaimer: There are many other database programs but Workbench is the one I’m familiar with so that is what I recommended. You could also connect to MySQL via the command prompt but I’m not sure how to do that with XAMPP since my entire local dev environment runs on vms.
My guess is there’s “…escape_string” or “addslashes” (or possibly a str_replace) somewhere in the sanitization code.
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.