addslashes

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
rsmarsha
Forum Contributor
Posts: 242
Joined: Tue Feb 08, 2005 4:06 am
Location: Leeds, England

addslashes

Post by rsmarsha »

I'm trying to use add slashes in a query and am getting errors.

Code: Select all

"INSERT INTO mailing_lists (list_name,list_text) VALUES (".$_POST['list_name'].",".addslashes($stringnew)."";
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

What errors are you getting? Your SQL syntax looks fine. Although it could be shortened to this:

Code: Select all

"INSERT INTO mailing_lists (list_name,list_text) VALUES (".$_POST['list_name'].",".addslashes($stringnew);
Also, you may want to insert single quotes around your values.

Code: Select all

"...VALUES('".$_POST['list_name']."','".addslashes($stringnew)."'";
Also, you might be interested in one of the string escaping functions like mysql_real_escape_string()
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
rsmarsha
Forum Contributor
Posts: 242
Joined: Tue Feb 08, 2005 4:06 am
Location: Leeds, England

Post by rsmarsha »

the error i'm getting is :

Code: Select all

Query(Add): INSERT INTO mailing_lists (list_name,list_text) VALUES('slashes','test\\\'test\\\'test' FailedYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Current query is :

Code: Select all

INSERT INTO mailing_lists (list_name,list_text) VALUES('".$_POST['list_name']."','".addslashes($stringnew)."'"

//it's wrapped in a small DB function like

db_query("INSERT INTO mailing_lists (list_name,list_text) VALUES('".$_POST['list_name']."','".addslashes($stringnew)."'", 'Add');

//but all other queries work in that manner and i've tried it alone, with same results.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

so it's not just a copy&paste error, you really forgot the closing )
rsmarsha
Forum Contributor
Posts: 242
Joined: Tue Feb 08, 2005 4:06 am
Location: Leeds, England

Post by rsmarsha »

Oops. :oops: Well i added that and still get errors. I even took the code down to :

Code: Select all

$i = "INSERT INTO mailing_lists (list_name) (".$_POST['list_name'].")";
$iq = mysql_query($i, $db_conn) or die("Query $i Failed".mysql_error());
I still get erors there too and i can't see why.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

me neither ...because you didn't post the new error message...
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Shouldn't use addslashes but mysql_real_escape_string instead...

Assuming the two columns are of type (VAR)CHAR.. In that case you'd have to add quotes around the values too... So your query would become:

Code: Select all

$query = "INSERT INTO mailing_lists(list_name, list_text) VALUES ('" 
                  . mysql_real_escape_string($_POST['list_name']) 
                  . "', '" . mysql_real_escape_string($stringnew) 
                  . "');";
rsmarsha
Forum Contributor
Posts: 242
Joined: Tue Feb 08, 2005 4:06 am
Location: Leeds, England

Post by rsmarsha »

Thanks, that works. :)

Now just have to work out how to format text entered into the db to work with the php mail function, or use swiftmail. :)
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

You also need to accomodate for maggic quotes.
Post Reply