Illegal Characters

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Illegal Characters

Post by WanamakerStudios »

I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
User avatar
boo_lolly
Forum Contributor
Posts: 154
Joined: Tue Nov 14, 2006 5:04 pm

Post by boo_lolly »

i'm no expert, but i believe you may get some use out of addslashes() and stripslashes(). before you insert or update information in your database tables, send the information through the addslashes() function.

Code: Select all

<?php
	$string = "@#/%^\>?";
	$string = addlsashes($string);

	mysql_query("INSERT INTO your_table (your_column) VALUES ('". $string ."')") or die(mysql_error());
?>
and if you retrieve this information to display on your webpages, use the stripslashes() function.

Code: Select all

<?php
	$sql = mysql_query("SELECT * FROM your_table");
	$query = mysql_fetch_array($sql);

	echo "No more slashes: ". stripslashes($query[your_column]) ."\n";
?>
there's probably plenty more functions you could use or you coulr write your own user defined function with some regex know-how to manipulate the string exactly how you need to. hope this helps. good luck!
WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Post by WanamakerStudios »

Would that work the same if I am trying to pull information out that is already in the DB?
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

Don't forget to use mysql_real_escape_string() !
WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Post by WanamakerStudios »

This is the code that I am trying to run:

Code: Select all

while($array = mysql_fetch_array($query_make)){
		$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$array[CMAKE]'",'used');
		$makeid[] = $array[0];
			while($array2 = mysql_fetch_array($query_makename)){
				$makename[] = $array2[0];
			}
	}
And I get the following error messages:

<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
User avatar
boo_lolly
Forum Contributor
Posts: 154
Joined: Tue Nov 14, 2006 5:04 pm

Post by boo_lolly »

will you post the value of $query_make?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Re: Illegal Characters

Post by Ollie Saunders »

WanamakerStudios wrote:I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
What is allowed in the ID field? Alphanumerics?
i'm no expert, but i believe you may get some use out of addslashes() and stripslashes()
Sorry boo_lolly, that's not good advice. mysql_real_escape_string() is preferrible over addslashes() and you don't need stripslashes() at all. When you escape quotes (with addslashes or mysql_re...) that action is temporarily marking that quote as part of the string not the end of it, the slashes themselves are not added to the fields in the databases hence stripslashes is unnecessary.
WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Post by WanamakerStudios »

The values are as follows:

AZ
A[
A'
A^
A\
A\
BZ
B[
B]
B'
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

Sorry don't see what you mean by that
WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Post by WanamakerStudios »

Whenever I try to run the SELECT statement on any of the variables ... I get the error message that it could not fetch the array
User avatar
boo_lolly
Forum Contributor
Posts: 154
Joined: Tue Nov 14, 2006 5:04 pm

Re: Illegal Characters

Post by boo_lolly »

ole wrote:
WanamakerStudios wrote:I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
What is allowed in the ID field? Alphanumerics?
i'm no expert, but i believe you may get some use out of addslashes() and stripslashes()
Sorry boo_lolly, that's not good advice. mysql_real_escape_string() is preferrible over addslashes() and you don't need stripslashes() at all. When you escape quotes (with addslashes or mysql_re...) that action is temporarily marking that quote as part of the string not the end of it, the slashes themselves are not added to the fields in the databases hence stripslashes is unnecessary.
yeah, i said i was no expert =P, but thanks for the tip ole!
The values are as follows:

AZ
A[
A'
A^
A\
A\
BZ
B[
B]
B'
i think he was answering my question when i asked him to post the value of $query_make...

wanamaker, i didn't mean the printed value. i mean $query_make = mysql_query("???????????") or die(mysql_error());
WanamakerStudios
Forum Commoner
Posts: 65
Joined: Thu Nov 30, 2006 7:35 am

Post by WanamakerStudios »

My bad ... here ya go ...

Code: Select all

$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used');
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Which is it, this one:
WanamakerStudios wrote:This is the code that I am trying to run:

Code: Select all

while($array = mysql_fetch_array($query_make)){
		$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$array[CMAKE]'",'used');
		$makeid[] = $array[0];
			while($array2 = mysql_fetch_array($query_makename)){
				$makename[] = $array2[0];
			}
	}
And I get the following error messages:

<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
or this one
WanamakerStudios wrote:My bad ... here ya go ...

Code: Select all

$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used');
In the first query, the value $array[CMAKE] may be making your life a little difficult, as the array index should have quotes around them so PHP does not try to interpret it as a constant. That being said, can you run your queries though the error checker (mysql_error()) to see what the database server is telling you about your query? The errors you posted first come from the fast that you are not passing a result resource to mysql_fetch_array(), which expects a result resource. That means your query is borked somewhere. mysql_error() will tell you where.
User avatar
boo_lolly
Forum Contributor
Posts: 154
Joined: Tue Nov 14, 2006 5:04 pm

Post by boo_lolly »

what editor are you using? you've got back-ticks (`) around vehicles-temp, not single quotes (').
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

try

Code: Select all

error_reporting(E_ALL);
ini_set('display_errors', true);

$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used')
		or die(mysql_error().': '.$query_make);

while($array = mysql_fetch_array($query_make)){
	$cmake = mysql_real_escape_strring($array[CMAKE]);
	$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$cmale'",'used')
			or die(mysql_error().': '.$query_makename);
	$makeid[] = $array[0];
	while($array2 = mysql_fetch_array($query_makename)){
		$makename[] = $array2[0];
	}
}
btw: this can be done easier and faster with a JOIN statement, see http://www.w3schools.com/sql/sql_join.asp
Last edited by volka on Wed Jan 10, 2007 1:27 pm, edited 1 time in total.
Post Reply