Page 1 of 2
Illegal Characters
Posted: Wed Jan 10, 2007 9:24 am
by WanamakerStudios
I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
Posted: Wed Jan 10, 2007 9:35 am
by boo_lolly
i'm no expert, but i believe you may get some use out of addslashes() and stripslashes(). before you insert or update information in your database tables, send the information through the addslashes() function.
Code: Select all
<?php
$string = "@#/%^\>?";
$string = addlsashes($string);
mysql_query("INSERT INTO your_table (your_column) VALUES ('". $string ."')") or die(mysql_error());
?>
and if you retrieve this information to display on your webpages, use the stripslashes() function.
Code: Select all
<?php
$sql = mysql_query("SELECT * FROM your_table");
$query = mysql_fetch_array($sql);
echo "No more slashes: ". stripslashes($query[your_column]) ."\n";
?>
there's probably plenty more functions you could use or you coulr write your own user defined function with some regex know-how to manipulate the string exactly how you need to. hope this helps. good luck!
Posted: Wed Jan 10, 2007 9:42 am
by WanamakerStudios
Would that work the same if I am trying to pull information out that is already in the DB?
Posted: Wed Jan 10, 2007 9:43 am
by Kieran Huggins
Don't forget to use mysql_real_escape_string() !
Posted: Wed Jan 10, 2007 9:46 am
by WanamakerStudios
This is the code that I am trying to run:
Code: Select all
while($array = mysql_fetch_array($query_make)){
$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$array[CMAKE]'",'used');
$makeid[] = $array[0];
while($array2 = mysql_fetch_array($query_makename)){
$makename[] = $array2[0];
}
}
And I get the following error messages:
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
Posted: Wed Jan 10, 2007 9:58 am
by boo_lolly
will you post the value of $query_make?
Re: Illegal Characters
Posted: Wed Jan 10, 2007 9:59 am
by Ollie Saunders
WanamakerStudios wrote:I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
What is allowed in the ID field? Alphanumerics?
i'm no expert, but i believe you may get some use out of addslashes() and stripslashes()
Sorry boo_lolly, that's not good advice. mysql_real_escape_string() is preferrible over addslashes() and you don't need stripslashes() at all. When you escape quotes (with addslashes or mysql_re...) that action is temporarily marking that quote as part of the string not the end of it, the slashes themselves are not added to the fields in the databases hence stripslashes is unnecessary.
Posted: Wed Jan 10, 2007 10:03 am
by WanamakerStudios
The values are as follows:
AZ
A[
A'
A^
A\
A\
BZ
B[
B]
B'
Posted: Wed Jan 10, 2007 10:21 am
by Ollie Saunders
Sorry don't see what you mean by that
Posted: Wed Jan 10, 2007 10:23 am
by WanamakerStudios
Whenever I try to run the SELECT statement on any of the variables ... I get the error message that it could not fetch the array
Re: Illegal Characters
Posted: Wed Jan 10, 2007 10:38 am
by boo_lolly
ole wrote:WanamakerStudios wrote:I am pulling information from a pre-built database that has "illegal" characters in the ID field such as \, ], ^, [, ' and others. How can I ensure that each of these characters is properly encased so I can search against them? As of right now, I am trying to output them into an array and when I hit the \ or ] ... the array function throws an error!
What is allowed in the ID field? Alphanumerics?
i'm no expert, but i believe you may get some use out of addslashes() and stripslashes()
Sorry boo_lolly, that's not good advice. mysql_real_escape_string() is preferrible over addslashes() and you don't need stripslashes() at all. When you escape quotes (with addslashes or mysql_re...) that action is temporarily marking that quote as part of the string not the end of it, the slashes themselves are not added to the fields in the databases hence stripslashes is unnecessary.
yeah, i said i was no expert =P, but thanks for the tip ole!
The values are as follows:
AZ
A[
A'
A^
A\
A\
BZ
B[
B]
B'
i think he was answering my question when i asked him to post the value of $query_make...
wanamaker, i didn't mean the printed value. i mean $query_make = mysql_query("???????????") or die(mysql_error());
Posted: Wed Jan 10, 2007 10:41 am
by WanamakerStudios
My bad ... here ya go ...
Code: Select all
$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used');
Posted: Wed Jan 10, 2007 11:59 am
by RobertGonzalez
Which is it, this one:
WanamakerStudios wrote:This is the code that I am trying to run:
Code: Select all
while($array = mysql_fetch_array($query_make)){
$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$array[CMAKE]'",'used');
$makeid[] = $array[0];
while($array2 = mysql_fetch_array($query_makename)){
$makename[] = $array2[0];
}
}
And I get the following error messages:
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
<br />
<b>Warning</b>: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in <b>/home/bestcarp/public_html/modules/js/used-car.php</b> on line <b>19</b><br />
or this one
WanamakerStudios wrote:My bad ... here ya go ...
Code: Select all
$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used');
In the first query, the value
$array[CMAKE] may be making your life a little difficult, as the array index should have quotes around them so PHP does not try to interpret it as a constant. That being said, can you run your queries though the error checker (
mysql_error()) to see what the database server is telling you about your query? The errors you posted first come from the fast that you are not passing a result resource to
mysql_fetch_array(), which expects a result resource. That means your query is borked somewhere.
mysql_error() will tell you where.
Posted: Wed Jan 10, 2007 1:17 pm
by boo_lolly
what editor are you using? you've got back-ticks (`) around vehicles-temp, not single quotes (').
Posted: Wed Jan 10, 2007 1:25 pm
by volka
try
Code: Select all
error_reporting(E_ALL);
ini_set('display_errors', true);
$query_make = search_db("SELECT DISTINCT CMAKE FROM `vehicles-temp`",'used')
or die(mysql_error().': '.$query_make);
while($array = mysql_fetch_array($query_make)){
$cmake = mysql_real_escape_strring($array[CMAKE]);
$query_makename = search_db("SELECT CDESCRIPTION FROM carparts WHERE BINARY CIDCARP = '$cmale'",'used')
or die(mysql_error().': '.$query_makename);
$makeid[] = $array[0];
while($array2 = mysql_fetch_array($query_makename)){
$makename[] = $array2[0];
}
}
btw: this can be done easier and faster with a JOIN statement, see
http://www.w3schools.com/sql/sql_join.asp