Re: How do I get PHP to save a backslash in a Mysql table?

I didn't see all the responses to this, so maybe someone already recommended 
these things.

Looks like you may be over-complicating things in your code there.

First, if Magic Quotes are ON, then you probably want to stripslashes() to 
get rid of extra slashes.  If it's OFF, then don't worry about it.  (I 
think that's right.. been ages since I've had to deal with Magic Quotes so 
don't remember without playing with it).

Second.. you should be using, at minimum, mysql_real_escape_string() on all 
data items being inserted/updated/SELECT..WHERE'd, etc.  You can't trust 
user input or anything coming from the server.  Anything you don't type 
yourself as part of the query, that is.  Most of it can be forged.

And that "is_numeric" check shouldn't make a difference.  Even if it's 
supposed to be numeric data, you should still use 
mysql_real_escape_string() in case someone enters something bad (probably 
making it non-numeric, but you know... stick with a consistent data 
cleansing protocol).

Ok... quick recap...

Magic Quotes ON = extra slashes.. probably want to strip them before 
continuing.
Magic Quotes OFF = everything's cool.. proceed to 'standard operating 
procedure' (SOP) :)

SOP:
Use mysql_real_escape_string() on all data used in queries  (or the equiv 
function for your DB if it's not MySQL)

The only other thing to check is if you're viewing the echo'd results in a 
browser, you might do View Source to see exactly what's output.   Browsers 
will interpret things sometimes.  You might be able to enclose the output 
in <code></code> tags to get around that.   And make sure you're using 
single quotes in your echo, so things aren't being interpreted in the echo 
statement itself.

Some of these things are rare issues, but all things to check for if your 
output isn't what you expect it to be or want it to be.

-TG


----- Original Message -----
From: "Nathan Nobbe" <quickshiftin@xxxxxxxxx>
To: "Don Proshetsky" <don@xxxxxxxxxxxxx>
Cc: php-general@xxxxxxxxxxxxx
Date: Wed, 10 Oct 2007 14:12:34 -0400
Subject: Re:  How do I get PHP to save a backslash in a Mysql table?

> On 10/10/07, Don Proshetsky <don@xxxxxxxxxxxxx> wrote:
> >
> > Hi,
> >
> > I have a field in which a user inputs a Windows style directory path,
> > hence using backslashes and not forward slashes.
> >
> > Example: c:\qb\data\mydatadile.qbw
> >
> > However, when the user clicks update, what gets saved is:
> > c:qbdatamydatadile.qbw
> >
> > Does anyone know if there is a work around?
> >
> > The backslashes mysteriously are stripped.  I use the following function
> > to wrap each variable that's saved in the MySQL table:
> >
> > function update_database($value)
> > {
> >    // Addslashes
> >    if (!(get_magic_quotes_gpc())) {
> >        $value = addslashes($value);
> >    }
> >    // Quote if not a number or a numeric string
> >    if (!is_numeric($value)) {
> >        $value = mysql_real_escape_string($value);
> >    }
> >    return $value;
> > }

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
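
An added example, not code from the thread: it runs the path from the question through zero, one and two escaping passes and prints what MySQL would store after reading the resulting string literal. All function names are hypothetical; `escape_once()` is a stand-in for `mysql_real_escape_string()` that needs no database connection, and `mysql_literal_decode()` models the server's default SQL mode.

```php
<?php
// Added example; every function name here is hypothetical.
// Stand-in for mysql_real_escape_string() that needs no connection:
// one escaping pass over the same characters.
function escape_once(string $s): string
{
    return strtr($s, ["\\" => "\\\\", "\0" => "\\0", "\n" => "\\n",
                      "\r" => "\\r", "'" => "\\'", '"' => '\\"',
                      "\x1a" => "\\Z"]);
}

// How MySQL reads the body of a quoted string literal in its default SQL
// mode: known escapes become control characters, \% and \_ are kept, and
// for any other \x the backslash is dropped.
function mysql_literal_decode(string $body): string
{
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
            'b' => "\x08", 'Z' => "\x1a", '%' => '\\%', '_' => '\\_'];
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\' && $i + 1 < $n) {
            $c = $body[++$i];
            $out .= $map[$c] ?? $c;      // \\ -> \, \' -> ', \q -> q
        } else {
            $out .= $body[$i];
        }
    }
    return $out;
}

// The recap above as one function: undo Magic Quotes if they were
// applied, then escape exactly once.
function prepare_for_query(string $raw, bool $magicQuotesOn): string
{
    return escape_once($magicQuotesOn ? stripslashes($raw) : $raw);
}

$path = 'c:\qb\data\mydatadile.qbw';     // path from the question
foreach ([0, 1, 2] as $passes) {
    $v = $path;
    for ($k = 0; $k < $passes; $k++) { $v = escape_once($v); }
    printf("%d escaping pass(es) -> stored: %s\n", $passes, mysql_literal_decode($v));
}

// Simulated Magic Quotes ON (input arrives addslashes()'d) and OFF.
var_dump(mysql_literal_decode(prepare_for_query(addslashes($path), true)) === $path);
var_dump(mysql_literal_decode(prepare_for_query($path, false)) === $path);
```

With zero passes the decoded value has no backslashes at all, with two it keeps doubled backslashes, and only a single pass round-trips the path unchanged.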

