Re: quotes in mysql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Not so. No stripslashes required.

If you add slashes when writing your PHP query, slashes will NOT be sent to
the DB.
In other words:

$name = addslashes( "O'Reilly" ) ;
$query = "
    INSERT ...
    SET name = '{$name}'
" ;
// etc.

will simply store "O'Reilly" in the DB. The desired result.
Never store anything else than "pure" data in the DB: no slashes, no URL
encoding, etc.

Ignatius
_________________________
----- Original Message -----
From: "Tony Devlin" <tdevlin@xxxxxxxxxxxxx>
To: "'Sudeep Sarath'" <sudeepfiles@xxxxxxxxxxx>; "'Php-windows mailing
list'" <php-windows@xxxxxxxxxxxxx>
Sent: Friday, April 02, 2004 3:22 PM
Subject: RE:  quotes in mysql


You can use addslashes .. which would be


$check = addslashes($check);


Then when you extract the information from the database to be displayed you
want to you
would need to stripslashes as such

$check = stripslashes($check);

It's typically a good idea to always add/strip slashes on any field where
you think a ' or " might be used.


Tony Devlin
V. President / CTO
Airewaves Broadband
69 Robert Smalls Prkwy.
Suite 4B
Beaufort, SC 29902
tdevlin@xxxxxxxxxxxxx
http://www.airewaves.com
tel: (843) 379-2473
fax: (800) 861-6301
mobile: (678) 480-4959

-----Original Message-----
From: Sudeep Sarath [mailto:sudeepfiles@xxxxxxxxxxx]
Sent: Friday, April 02, 2004 3:16 AM
To: Php-windows mailing list
Subject:  quotes in mysql


Hi friends,

I have a 'textarea' in my php page and i need to put the details typed in
that textarea box to my MySQL database. The content in the textarea box
is(for example) : I'm a good boy.

and insert string is:

insert into table_name (describe) values('" . $check . "')

where check is the variable that stores the POST data of textarea. Also the
field "describe" is of a text datatype.

what happens is that i can't take the content string to the database.
B'cause it contains I'm (a single quote in between I and m) which confuses
mySql that string terminates after I. Is there any solution for this problem
as we cannot tell the users "dont put quotes in textarea".

....SuDeEp...

Win an evening with the Indian cricket captain: Yahoo! India Promos.

--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [PHP Database Programming]     [PHP Install]     [Kernel Newbies]     [Yosemite Forum]     [PHP Books]

  Powered by Linux