mysql_real_escape_string() issue

Posted: Wed Oct 04, 2006 6:12 pm
by trent2800
I seem to be having an issue with mysql_real_escape_string(). When I use the following code to update my database, it seems to add an extra \ every time. Should I be running data through an extra function?

Code:

// Escape every posted field for use inside a quoted SQL string literal
$ProductID = mysql_real_escape_string($_POST['ProductID']);
$Name = mysql_real_escape_string($_POST['Name']);
$Price = mysql_real_escape_string($_POST['Price']);
$Sold = mysql_real_escape_string($_POST['Sold']);
$ArtistID = mysql_real_escape_string($_POST['ArtistID']);
$CategoryID = mysql_real_escape_string($_POST['CategoryID']);
$Desc = mysql_real_escape_string($_POST['Desc']);
$Bodice = mysql_real_escape_string($_POST['Bodice']);
$Spin = mysql_real_escape_string($_POST['Spin']);
$Length = mysql_real_escape_string($_POST['Length']);
$Waist = mysql_real_escape_string($_POST['Waist']);
$Inseam = mysql_real_escape_string($_POST['Inseam']);
$Chest = mysql_real_escape_string($_POST['Chest']);

if ($type == 'edit') {
    $query = "UPDATE CLOTHING SET `Name` = '".$Name."', `ArtistID` = '".$ArtistID."', `CategoryID` = '".$CategoryID."',`Desc` = '".$Desc."', `Bodice` = '".$Bodice."',`Spin` = '".$Spin."', `Length` = '".$Length."', `Waist` = '".$Waist."', `Inseam` = '".$Inseam."', `Chest` = '".$Chest."', `Sold` = '".$Sold."', `Price` = '".$Price."' WHERE `ProductID` = '" . $ProductID . "'";

    mysql_query($query) or die('Query failed: ' . mysql_error() . " Whole Query: " . $query);

    // HTML-encode the posted value for display; $Name is escaped for SQL, not for HTML
    echo "<center><br />".htmlspecialchars($_POST['Name'], ENT_QUOTES)." has been updated!";
    echo "<a href=\"index.php?mode=clothing\">Back</a></center>\n";
}

Posted: Wed Oct 04, 2006 6:16 pm
by Luke

Posted: Wed Oct 04, 2006 6:21 pm
by trent2800
BAH!

I disabled them in the root dir but yet they persist! I had ruled that out as I thought the little *(%#ing things had been disabled permanently. GRRRRR! :evil: :evil:

Posted: Wed Oct 04, 2006 6:26 pm
by Luke
Here... this was in a HTTP_Request class, but I turned it into a function for you...

Code:

/**
 * Recursively remove php-generated autoslashes
 */
function removeSlashes(&$var) {
    if (get_magic_quotes_gpc()) {
        if (is_array($var)) {
            foreach ($var as $name => $value) {
                if (is_array($value)) {
                    // Recurse on the element itself: $value is only a copy
                    removeSlashes($var[$name]);
                } else {
                    $var[$name] = stripslashes($value);
                }
            }
        } else {
            $var = stripslashes($var);
        }
    }
}
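
The extra backslash discussed in this thread, reproduced end to end as an added example (not code from any poster). Assumptions: `addslashes()` stands in for what magic_quotes_gpc did to request data, a bound parameter on an in-memory SQLite database (PDO) stands in for the thread's `mysql_real_escape_string()` plus `mysql_query()`, and the names `unslash` and `store` and the sample values are constructed for illustration.

```php
<?php
// Added example; unslash(), store() and the sample data are hypothetical.

// Undo magic-quotes slashes at any nesting depth. Iterating by reference
// means nested arrays are changed in place rather than on a copy.
function unslash(&$var) {
    if (is_array($var)) {
        foreach ($var as &$value) {
            unslash($value);
        }
        unset($value); // drop the reference foreach leaves behind
    } else {
        $var = stripslashes($var);
    }
}

// Store one value through a bound parameter and return what the row holds.
function store(PDO $db, $name) {
    $db->exec('DELETE FROM clothing');
    $stmt = $db->prepare('INSERT INTO clothing (name) VALUES (?)');
    $stmt->execute(array($name));
    return $db->query('SELECT name FROM clothing')->fetchColumn();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clothing (name TEXT)');

// Constructed input. magic_quotes_gpc ran addslashes() over every request
// value before the script started, so addslashes() simulates it here.
$typed = array('Name' => "Trent's kilt", 'Sizes' => array('Waist' => '32"'));
$post  = array(
    'Name'  => addslashes($typed['Name']),
    'Sizes' => array('Waist' => addslashes($typed['Sizes']['Waist'])),
);

// Without unslashing: the backslash is already part of the data, and correct
// escaping or binding preserves it, so it is written to the row.
echo "stored as-is:     ", store($db, $post['Name']), "\n";

// Unslash once at the input boundary, then store: the row matches what was
// typed, including the value nested one level down.
unslash($post);
echo "stored unslashed: ", store($db, $post['Name']), "\n";
echo "nested value:     ", store($db, $post['Sizes']['Waist']), "\n";
```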

Posted: Wed Oct 04, 2006 6:30 pm
by trent2800
awwww, that's sweet. You're my favorite Ninja Space Goat, did you know that?

Posted: Wed Oct 04, 2006 6:35 pm
by Luke
:D