help with - mysql_real_escape_string

PastorHank
Forum Contributor
Posts: 117
Joined: Sat Jun 03, 2006 7:58 am
Location: Texas Hill Country

Post by PastorHank »

I'm trying to select records using a standard query

Code:

$query1 = "SELECT * FROM MainTable_bloodlines.batchid WHERE animalid='$animal_to_use'";

The value that should be in the field is 'butler's ignition #37'

Both

Code:

$animal_to_use = strip_tags(trim($_POST['bulllist']));

and

Code:

$animal_to_use = mysql_real_escape_string($_POST['bulllist']);

Var_dump shows the characters 'butler' only. What am I missing?

Thank you
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

I'm confused by your post. Please post more code illustrating your problem.

Post by PastorHank »

Not sure what else to post. The variable I am trying to use is $animal_to_use which corresponds to a field in my database called animalid.

Now when this value comes over with an apostrophe in it (for example 'butler's ignition #37'), the program is truncating the value at the apostrophe. When I use VAR_DUMP($animal_to_use) to see my value I learn that instead of returning 'butler's ignition #37' -- it is returning 'butler'.

If I remove the apostrophe, things work and it returns the correct value.

When I researched the issue, it seemed that this code should work to return the entire field name:

Code:

$animal_to_use = mysql_real_escape_string($_POST['bulllist']);

but it didn't and I can't find any other functions to deal with the apostrophe and keep my id string together. So I'm kind of lost.

Post by feyd »

I've never seen var_dump() cut a variable off. Do you have a live version that shows this behavior (and can you post the code that generates it)?
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

My crystal ball says you forward this value through a hidden input and you've forgotten the quotes around the 'value' attribute.

This should be working, innit?

Code:

$animal_to_use = mysql_real_escape_string("Can't touch this");
echo $animal_to_use;

Post by PastorHank »

The secret turned out to be I had to use the htmlspecialchars() function on my selection option and then it worked.

Code:

echo "<option value=\"".htmlspecialchars($animalid)."\">$animalid";
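
Added example (not part of the thread): the form round trip behind this problem, using the sample value from the posts. The single-quoted "before" markup is an assumption about what the original form looked like; `render_option_raw()`, `render_option_encoded()` and `posted_value()` are hypothetical names, and the script assumes PHP's DOM extension is available.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Before (assumed markup): single-quoted attribute, no output encoding.
// The apostrophe in the data closes the attribute early.
function render_option_raw(string $animalid): string
{
    return "<option value='$animalid'>$animalid</option>";
}

// After: encode for the HTML context. ENT_QUOTES also encodes the apostrophe,
// so the value survives in single- or double-quoted attributes, and the
// visible option text is encoded as well.
function render_option_encoded(string $animalid): string
{
    $safe = htmlspecialchars($animalid, ENT_QUOTES, 'UTF-8');
    return "<option value=\"$safe\">$safe</option>";
}

// Parse the markup as an HTML parser would and return the value attribute,
// i.e. what would arrive in $_POST['bulllist'] when the option is selected.
function posted_value(string $optionHtml): string
{
    libxml_use_internal_errors(true); // the raw markup is malformed on purpose
    $doc = new DOMDocument();
    $doc->loadHTML("<select name=\"bulllist\">$optionHtml</select>");
    libxml_clear_errors();
    return $doc->getElementsByTagName('option')->item(0)->getAttribute('value');
}

$animalid = "butler's ignition #37"; // sample value taken from the posts

// The value is already cut short before any SQL escaping runs on the
// receiving page, which is why mysql_real_escape_string() could not help.
var_dump(posted_value(render_option_raw($animalid)));
var_dump(posted_value(render_option_encoded($animalid)));
```

The two functions solve different problems: htmlspecialchars() protects the value on its way into the HTML page, and SQL escaping (or a prepared statement) is still needed when the posted value goes into the query.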