Page 2 of 2

Re: How do you use mysql_real_escape_string w/o backslashes?

Posted: Sat Jan 16, 2010 4:08 am
by simonmlewis
I've just read some of that page about it, but it's all gobble-de-gook to me.

Yes I have noticed the % where there are spaces.
The methods I read to "fix it" are somewhat lengthy. Is it same to assume there is a quick fix to get shot of it? Or at the very least, to do what the \' fix did?

It's the last in a small line of problems I am facing at the moment, including resizing images on upload, and resizing images for thumbnail purposes - all of which I will look more into once this initial one is solved.

Regards.

Re: How do you use mysql_real_escape_string w/o backslashes?

Posted: Sat Jan 16, 2010 4:36 am
by simonmlewis
This looks close to it, but looks like you have to encode the whole thing; not sure how I would do that as the code is only there to gather what's in the $head so that it can be used on the following page:

Code: Select all

<?php
 
$url = 'http://example.com?pid=12&uid=200'
echo 'http://test.com?url='.urlencode($url);
 
?>
Bearing in mind I am using (at the moment that doesn't work):

Code: Select all

    <?php
$posted_head = (get_magic_quotes_gpc()) ? stripslashes($_REQUEST['head']) : $_REQUEST['head'];
$head=mysql_real_escape_string($posted_head);
 
        if ($head != NULL) { echo "<div class='head'>
        $head</div>";}
    getPage();
    ?>