Nathan Rixham wrote:
Zoltán Németh wrote:
2008. 02. 19, kedd keltezéssel 11.03-kor Nathan Rixham ezt írta:
Richard Heyes wrote:
Shawn McKenzie wrote:
nihilism machine wrote:
I have a user saving a VARCHAR(255) field in a mysql db which has
single
quotes in the text, how can i replace them so that they dont fuck
up my
mysql command?
-e
Have you tried: dont_fuck_up_my_mysql_command()
Hrmph, I can't seem to find that in the manual...
it's been depricated I heard in favour of unfuck();
as I remember its also in SPL.
$whatever = new MySqlCommandUnFucker($command);
$whatever->unFuck();
:D
greets
Zoltán Németh
<?php
class MySqlCommandUnFucker {
public function _unfucker($toUnFuck) {
if(function_exists('get_magic_quotes_gpc')) {
if (get_magic_quotes_gpc()) {
$in = stripslashes($toUnFuck);
}
}
return $in;
}
public function unFuck($fucked) {
if(function_exists('mysql_real_escape_string')) {
return mysql_real_escape_string($this->_unfucker($fucked));
} else {
return $fucked;
}
}
}
?>
usage:
$unfucker = new MySqlCommandUnFucker;
$sql = $unfucker ->unFuck($sql);
:)
apologies! a slight correction for nihilism (the class does work..)
usage:
$unfucker = new MySqlCommandUnFucker;
$sql = "INSERT INTO tablename (varcol) VALUES ('";
$sql .= $unfucker->unFuck($myfuckedvariable);
$sql .= "')";
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
