Addslashes and InnoDB
Posted: Wed May 20, 2009 9:23 am
Hey, so I've got an existing, open-source system I've downloaded and significantly modified. It's all working well, but due to the fact I had to link forms together, I had to create relationships and chose early on in the project to switch from MyISAM to InnoDB. I set up foreign keys and indexes and all works peachy.
Now, weeks later and many lines of code in, any text field or form where I put an apostrophe, it shows a backslash before the apostrophe. Now, I know you need escape characters to insert data into the database and I have my code listed below that shows it's doing just that. This is the original, unmodified code that's performing the work, so I'm at a loss why all of a sudden the entire site is showing slashes in the MySQL fields and in the forms. The only consistent, site-wide thing I can think of is the transition from MyISAM to InnoDB and how one may require different functions, but I wasn't aware of that. The code:
if (!function_exists("GetSQLValueString")) {
    // Dreamweaver-style helper: escapes a value once and wraps it as an SQL literal of the given type.
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
        // If magic_quotes_gpc is on, PHP has already backslash-escaped request data; undo that first.
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
        // Escape exactly once for the current MySQL connection (mysql_real_escape_string needs an open link).
        $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
        switch ($theType) {
            case "text":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "long":
            case "int":
                $theValue = ($theValue != "") ? intval($theValue) : "NULL";
                break;
            case "double":
                $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
                break;
            case "date":
                $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
                break;
            case "defined":
                $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
                break;
        }
        return $theValue;
    }
}

From there, I have two sections for MySQL: Insert and Update. Then a form called 'form1':
if ($update == 1) {
    mysql_select_db($database_contacts, $contacts);
    // Cast to int so only a number is interpolated into the query (the id comes straight from the URL).
    $query_contact = "SELECT * FROM contacts WHERE contact_id = " . (int) $_GET['id'];
    $contact = mysql_query($query_contact, $contacts) or die(mysql_error());
    $row_contact = mysql_fetch_assoc($contact);
    $totalRows_contact = mysql_num_rows($contact);
}

if ($update == 0) {
    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
        // Insert path: each text field is escaped with addslashes() only. If magic_quotes_gpc is on,
        // $_POST already carries one layer of backslashes and addslashes() adds a second.
        mysql_query("INSERT INTO contacts (contact_first, contact_middle, contact_last, contact_dob, contact_addr1, contact_addr2, contact_gender, contact_treatClin, contact_provider, contact_providerNum, contact_physician, contact_profile, contact_city, contact_state, contact_zip, contact_phone, contact_updated) VALUES
            (
            '" . trim(addslashes($_POST['contact_first'])) . "',
            '" . trim(addslashes($_POST['contact_middle'])) . "',
            '" . trim(addslashes($_POST['contact_last'])) . "',
            '" . trim(addslashes($_POST['contact_dob'])) . "',
            '" . trim(addslashes($_POST['contact_addr1'])) . "',
            '" . trim(addslashes($_POST['contact_addr2'])) . "',
            '" . trim(addslashes($_POST['contact_gender'])) . "',
            '" . trim(addslashes($_POST['contact_treatClin'])) . "',
            '" . trim(addslashes($_POST['contact_provider'])) . "',
            '" . trim(addslashes($_POST['contact_providerNum'])) . "',
            '" . trim(addslashes($_POST['contact_physician'])) . "',
            '" . trim(addslashes($_POST['contact_profile'])) . "',
            '" . trim(addslashes($_POST['contact_city'])) . "',
            '" . trim(addslashes($_POST['contact_state'])) . "',
            '" . trim(addslashes($_POST['contact_zip'])) . "',
            '" . trim(addslashes($_POST['contact_phone'])) . "',
            '" . time() . "'
            )
        ");
        set_msg('Patient Added');
        $cid = mysql_insert_id();
        $redirect = "contact-details.php?id=$cid";
        header('Location: ' . $redirect);
        die;
    }
}

if ($update == 1) {
    if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
        // Update path: each text field is escaped with addslashes() and then passed to GetSQLValueString(),
        // which escapes again with mysql_real_escape_string() unless magic_quotes_gpc makes it strip first.
        $updateSQL = sprintf("UPDATE contacts SET contact_first=%s, contact_middle=%s, contact_last=%s, contact_dob=%s, contact_addr1=%s, contact_addr2=%s, contact_gender=%s, contact_treatClin=%s, contact_provider=%s, contact_providerNum=%s, contact_physician=%s, contact_profile=%s, contact_city=%s, contact_state=%s, contact_zip=%s, contact_phone=%s, contact_updated=%s WHERE contact_id=%s",
            GetSQLValueString(trim(addslashes($_POST['contact_first'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_middle'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_last'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_dob'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_addr1'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_addr2'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_gender'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_treatClin'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_provider'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_providerNum'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_physician'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_profile'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_city'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_state'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_zip'])), "text"),
            GetSQLValueString(trim(addslashes($_POST['contact_phone'])), "text"),
            GetSQLValueString(trim($_POST['contact_updated']), "int"),
            GetSQLValueString(trim($_POST['contact_id']), "int"));
        mysql_select_db($database_contacts, $contacts);
        $Result1 = mysql_query($updateSQL, $contacts) or die(mysql_error());
        set_msg('Patient Updated');
        $cid = (int) $_GET['id'];
        $redirect = "contact-details.php?id=$cid";
        header('Location: ' . $redirect);
        die;
    }
}
}

I'm stuck. Any ideas why this is adding slashes and showing them in the forms when the proper code is in use?

Also, would this have anything to do with the deprecation of the get_magic_quotes_gpc() function in PHP 5.3? If so, what do I substitute?
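The mechanism behind the stray backslashes, as an added example that is not part of the post above and not the poster's code. The storage engine plays no part: MyISAM and InnoDB parse string literals identically. What matters is how many escaping layers a value passes through before the server strips exactly one of them. In the posted code a text field can be escaped twice: by magic_quotes_gpc and then addslashes() on the insert path, or by addslashes() and then mysql_real_escape_string() inside GetSQLValueString() on the update path once magic_quotes_gpc is off (the directive was deprecated in PHP 5.3 and removed in 5.4, so the stripslashes() branch stops running). The server removes one layer and stores the other as a literal backslash. The script below models that with pure string functions, then shows the replacement a practitioner would reach for instead of any escaping: a prepared statement through PDO, which is also the substitute for the removed mysql_* extension. It uses an in-memory SQLite database so it runs offline; for MySQL only the DSN would change. The function names, table layout and sample value are all constructed for this example.

```php
<?php
// Added example (not the original poster's code): why a second escaping layer leaves a
// literal backslash in the stored value, and how a prepared statement avoids escaping entirely.

// Stand-in for what the MySQL server does when it parses a backslash-escaped string literal:
// it removes exactly one layer of backslashes. stripslashes() performs that same removal for
// the characters addslashes() touches (', ", \ and NUL), so it models the server side here.
function storedValueForLiteral($escapedLiteral)
{
    return stripslashes($escapedLiteral);
}

// One escaping layer: what the query text should contain.
function escapeOnce($value)
{
    return addslashes($value);
}

// Two layers: addslashes() applied to input that was already escaped (by magic_quotes_gpc,
// or by a second escaping call such as mysql_real_escape_string()). This is the pattern in
// the posted insert/update code whenever both the outer and the inner escape run.
function escapeTwice($value)
{
    return addslashes(addslashes($value));
}

$input = "O'Brien";   // constructed sample input containing an apostrophe
echo "query literal, escaped once : ", escapeOnce($input), PHP_EOL;
echo "stored by server            : ", storedValueForLiteral(escapeOnce($input)), PHP_EOL;
echo "query literal, escaped twice: ", escapeTwice($input), PHP_EOL;
echo "stored by server            : ", storedValueForLiteral(escapeTwice($input)), PHP_EOL;

// Hardened path: a prepared statement sends the value separately from the SQL text, so no
// addslashes()/mysql_real_escape_string() is needed and nothing can be escaped twice.
// Runs against in-memory SQLite so the example works offline; for MySQL the DSN becomes
// something like 'mysql:host=...;dbname=...' with a user and password (assumed typical setup).
function insertContactPrepared(PDO $pdo, $first, $last)
{
    $stmt = $pdo->prepare("INSERT INTO contacts (contact_first, contact_last) VALUES (:first, :last)");
    $stmt->execute(array(':first' => $first, ':last' => $last));
    return (int) $pdo->lastInsertId();
}

function fetchContactLast(PDO $pdo, $id)
{
    $stmt = $pdo->prepare("SELECT contact_last FROM contacts WHERE contact_id = :id");
    $stmt->execute(array(':id' => $id));
    return $stmt->fetchColumn();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Constructed schema: a two-column subset of the contacts table used in the post.
$pdo->exec("CREATE TABLE contacts (contact_id INTEGER PRIMARY KEY, contact_first TEXT, contact_last TEXT)");

$id = insertContactPrepared($pdo, "Conan", $input);
echo "stored via prepared stmt    : ", fetchContactLast($pdo, $id), PHP_EOL;
```

The first two echo lines show the single-layer case round-tripping the apostrophe cleanly; the next two show the double-layer case, where the value the server keeps still carries a backslash, which is what then appears in the form fields. The prepared-statement path stores the apostrophe untouched with no escaping call anywhere in application code, and it also closes the injection path that string concatenation of request data leaves open.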