Now, weeks later and many lines of code in, any text field or form where I put an apostrophe, it shows a backslash before the apostrophe. Now, I know you need escape characters to insert data into the database and I have my code listed below that shoes it's doing just that. this is the original, unmodified code that's performing the work, so i'm at a loss why all of a sudden, the entire site is showing slashes in the mysql fields and in the forms. the only consistent, site-wide thing I can think is the transition from myISAM to InnoDB and how one may require different functions, but I wasn't aware of that. The code:
Code: Select all
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}From there, I have two sections for MySQL: Insert and Update. Then a form called 'form1':
Code: Select all
/
if ($update==1) {
mysql_select_db($database_contacts, $contacts);
$query_contact = "SELECT * FROM contacts WHERE contact_id = ".$_GET['id']."";
$contact = mysql_query($query_contact, $contacts) or die(mysql_error());
$row_contact = mysql_fetch_assoc($contact);
$totalRows_contact = mysql_num_rows($contact);
}
if ($update==0) {
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
mysql_query("INSERT INTO contacts (contact_first, contact_middle, contact_last, contact_dob, contact_addr1, contact_addr2, contact_gender, contact_treatClin, contact_provider, contact_providerNum, contact_physician, contact_profile, contact_city, contact_state, contact_zip, contact_phone, contact_updated) VALUES
(
'".trim(addslashes($_POST['contact_first']))."',
'".trim(addslashes($_POST['contact_middle']))."',
'".trim(addslashes($_POST['contact_last']))."',
'".trim(addslashes($_POST['contact_dob']))."',
'".trim(addslashes($_POST['contact_addr1']))."',
'".trim(addslashes($_POST['contact_addr2']))."',
'".trim(addslashes($_POST['contact_gender']))."',
'".trim(addslashes($_POST['contact_treatClin']))."',
'".trim(addslashes($_POST['contact_provider']))."',
'".trim(addslashes($_POST['contact_providerNum']))."',
'".trim(addslashes($_POST['contact_physician']))."',
'".trim(addslashes($_POST['contact_profile']))."',
'".trim(addslashes($_POST['contact_city']))."',
'".trim(addslashes($_POST['contact_state']))."',
'".trim(addslashes($_POST['contact_zip']))."',
'".trim(addslashes($_POST['contact_phone']))."',
'".time()."'
)
");
set_msg('Patient Added');
$cid = mysql_insert_id();
$redirect = "contact-details.php?id=$cid";
header('Location: '.$redirect); die;
}
}
if ($update==1) {
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE contacts SET contact_first=%s, contact_middle=%s, contact_last=%s, contact_dob=%s, contact_addr1=%s, contact_addr2=%s, contact_gender=%s, contact_treatClin=%s, contact_provider=%s, contact_providerNum=%s, contact_physician=%s, contact_profile=%s, contact_city=%s, contact_state=%s, contact_zip=%s, contact_phone=%s, contact_updated=%s WHERE contact_id=%s",
GetSQLValueString(trim(addslashes($_POST['contact_first'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_middle'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_last'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_dob'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_addr1'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_addr2'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_gender'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_treatClin'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_provider'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_providerNum'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_physician'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_profile'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_city'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_state'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_zip'])), "text"),
GetSQLValueString(trim(addslashes($_POST['contact_phone'])), "text"),
GetSQLValueString(trim($_POST['contact_updated']), "int"),
GetSQLValueString(trim($_POST['contact_id']), "int"));
mysql_select_db($database_contacts, $contacts);
$Result1 = mysql_query($updateSQL, $contacts) or die(mysql_error());
set_msg('Patient Updated');
$cid = $_GET['id'];
$redirect = "contact-details.php?id=$cid";
header('Location: '.$redirect); die;
}
}Also, would this have anything to do with the depreciation of the get_magic_quotes_gpc() function in PHP 5.3? If so, what do I substitute?