help with - mysql_real_escape_string
Posted: Tue Mar 20, 2007 4:20 pm
by PastorHank
I'm trying to select records using a standard query
Code:
$query1 = "SELECT * FROM MainTable_bloodlines.batchid WHERE animalid='$animal_to_use'";
The value that should be in the field is 'butler's ignition #37'.
Both
Code:
$animal_to_use = strip_tags(trim($_POST['bulllist']));
and
Code:
$animal_to_use = mysql_real_escape_string($_POST['bulllist']);
Var_dump shows the characters 'butler' only. What am I missing?
Thank you
Posted: Tue Mar 20, 2007 4:45 pm
by feyd
I'm confused by your post. Please post more code illustrating your problem.
Posted: Tue Mar 20, 2007 5:26 pm
by PastorHank
Not sure what else to post. The variable I am trying to use is $animal_to_use which corresponds to a field in my database called animalid.
Now when this value comes over with an apostrophe in it (for example 'butler's ignition #37'), the program is truncating the value at the apostrophe. When I use VAR_DUMP($animal_to_use) to see my value I learn that instead of returning 'butler's ignition #37' -- it is returning 'butler'.
If I remove the apostrophe, things work and it returns the correct value.
When I researched the issue, it seemed that this code should work to return the entire field name
Code:
$animal_to_use = mysql_real_escape_string($_POST['bulllist']);
but it didn't and I can't find any other functions to deal with the apostrophe and keep my id string together. So I'm kind of lost.
Posted: Tue Mar 20, 2007 5:35 pm
by feyd
I've never seen var_dump() cut a variable off. Do you have a live version that shows this behavior (and can you post the code that generates it)?
Posted: Tue Mar 20, 2007 5:43 pm
by Mordred
My crystal ball says you forward this value through a hidden input and you've forgotten the quotes around the 'value' attribute.
This should be working, innit?
Code:
$animal_to_use = mysql_real_escape_string("Can't touch this");
echo $animal_to_use;
Posted: Wed Mar 21, 2007 2:45 pm
by PastorHank
The secret turned out to be I had to use the htmlspecialchars() function on my selection option and then it worked.
Code:
echo "<option value=\"".htmlspecialchars($animalid)."\">$animalid";
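
Added example (not part of the thread, and not any poster's code): the truncation happens in the HTML form, before the value ever reaches mysql_real_escape_string(). The sketch below assumes the original markup single-quoted the value attribute, which the thread never shows, and parses both variants to see what a browser would submit; submitted_value(), option_raw() and option_escaped() are hypothetical helper names.

```php
<?php
// Added example, not code from the thread. The single-quoted "before" markup
// is an assumption; the thread never shows the original <option> line.

// Return the value a browser would submit for the first <option> in $html.
function submitted_value(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);   // malformed markup is expected here
    $doc->loadHTML("<select>$html</select>");
    libxml_clear_errors();
    return $doc->getElementsByTagName('option')->item(0)->getAttribute('value');
}

// Assumed original: raw value dropped into a single-quoted attribute.
// The apostrophe in the data closes the attribute early.
function option_raw(string $id): string
{
    return "<option value='$id'>$id</option>";
}

// Hardened: encode for the HTML context. ENT_QUOTES also encodes the
// apostrophe, so the output is safe under either quoting style, and the
// visible label is encoded as well as the attribute.
function option_escaped(string $id): string
{
    $safe = htmlspecialchars($id, ENT_QUOTES, 'UTF-8');
    return "<option value=\"$safe\">$safe</option>";
}

$animalid = "butler's ignition #37";   // value quoted in the thread

// Raw markup: the parsed value stops at the apostrophe.
var_dump(submitted_value(option_raw($animalid)));

// Escaped markup: the full string survives the round trip.
var_dump(submitted_value(option_escaped($animalid)));
```

htmlspecialchars() only protects the HTML round trip; the submitted value still has to be escaped or bound as a parameter when it is placed into the SQL query.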