
help with - mysql_real_escape_string

Posted: Tue Mar 20, 2007 4:20 pm
by PastorHank
I'm trying to select records using a standard query

Code:

$query1 = "SELECT * FROM MainTable_bloodlines.batchid WHERE animalid='$animal_to_use'";

The value that should be in the field is 'butler's ignition #37'

Both

Code:

$animal_to_use = strip_tags(trim($_POST['bulllist']));

and

Code:

$animal_to_use = mysql_real_escape_string($_POST['bulllist']);

Var_dump shows the characters 'butler' only. What am I missing?

Thank you

Posted: Tue Mar 20, 2007 4:45 pm
by feyd
I'm confused by your post. Please post more code illustrating your problem.

Posted: Tue Mar 20, 2007 5:26 pm
by PastorHank
Not sure what else to post. The variable I am trying to use is $animal_to_use which corresponds to a field in my database called animalid.

Now when this value comes over with an apostrophe in it (for example 'butler's ignition #37'), the program is truncating the value at the apostrophe. When I use VAR_DUMP($animal_to_use) to see my value I learn that instead of returning 'butler's ignition #37' -- it is returning 'butler'.

If I remove the apostrophe, things work and it returns the correct value.

When I researched the issue, it seemed that this code should work to return the entire field name:

Code:

$animal_to_use = mysql_real_escape_string($_POST['bulllist']);

but it didn't and I can't find any other functions to deal with the apostrophe and keep my id string together. So I'm kind of lost.

Posted: Tue Mar 20, 2007 5:35 pm
by feyd
I've never seen var_dump() cut a variable off. Do you have a live version that shows this behavior (and can you post the code that generates it)?

Posted: Tue Mar 20, 2007 5:43 pm
by Mordred
My crystal ball says you forward this value through a hidden input and you've forgotten the quotes around the 'value' attribute.

This should be working, innit?

Code:

$animal_to_use = mysql_real_escape_string("Can't touch this");
echo $animal_to_use;

Posted: Wed Mar 21, 2007 2:45 pm
by PastorHank
The secret turned out to be that I had to use the htmlspecialchars() function on my selection option, and then it worked.

Code:

$safe_id = htmlspecialchars($animalid, ENT_QUOTES); // escape once, use for both the attribute and the label
echo "<option value=\"$safe_id\">$safe_id</option>";
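
An added example, not code from any poster in this thread, showing the two escaping contexts involved: it parses an unescaped `<option>` the way a browser's HTML parser would, so the submitted value stops at the apostrophe as described above, then parses the htmlspecialchars() version and passes the recovered value to the query as a bound parameter. Assumptions: the single-quoted "before" markup, the helper `submitted_value()`, and an in-memory SQLite table reached through PDO standing in for the poster's MySQL table.

```php
<?php
// Added example. Sample value taken from the thread; everything else is constructed.
$animalid = "butler's ignition #37";

// Hypothetical helper: parse the markup with an HTML parser and read back the
// option's value attribute, i.e. what the form would send as $_POST['bulllist'].
function submitted_value(string $optionHtml): string
{
    libxml_use_internal_errors(true);   // the broken markup triggers parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<select name="bulllist">' . $optionHtml . '</select>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('option')->item(0)->getAttribute('value');
}

// Assumed "before" markup: raw value dropped into a single-quoted attribute.
// The apostrophe inside the value closes the attribute early.
$raw = "<option value='$animalid'>$animalid</option>";

// HTML context: escape for HTML. ENT_QUOTES covers both quote styles, so the
// markup stays intact whichever quotes surround the attribute.
$safe    = htmlspecialchars($animalid, ENT_QUOTES, 'UTF-8');
$escaped = "<option value=\"$safe\">$safe</option>";

var_dump(submitted_value($raw));      // value as submitted from the unescaped markup
var_dump(submitted_value($escaped));  // value as submitted from the escaped markup

// SQL context: a separate layer with its own rules. Bind the submitted value
// as a parameter instead of building the query string by hand.
// Assumption: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE batchid (animalid TEXT)');
$db->prepare('INSERT INTO batchid (animalid) VALUES (?)')->execute([$animalid]);

$stmt = $db->prepare('SELECT animalid FROM batchid WHERE animalid = ?');
$stmt->execute([submitted_value($escaped)]);
var_dump($stmt->fetchColumn());       // row matched by the round-tripped value
```

The value is cut off before PHP ever receives it, which is why changing the SQL escaping in the form handler made no difference.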