addslashes not working as expected
Posted: Mon Jul 16, 2007 9:25 pm
feyd | Please use
here is how I am building my sql string[/syntax]
and the variables are all set using
feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
I want to insert data into a mysql database... so I used the addslashes($_POST['somefield']) but it is putting a slash and single quote at the start and the end of my variables, so that when I string them together, my insert statement does not work... here is what I am getting...
Thanks in advance for your assistance.
Dean-O
[syntax="sql"]insert into epc_calendar (title, category, descr, startTime, startAP, endTime, endAP, month, day, year, eventLength, dayOfWeek) values = ( '\'this is \"a test\" for o\'donnel\'' ,'\'Academic\'' , '\'dtsfe\'' , ':\'00\'' , '\'AM\'' , ':\'00\'' , '\'AM\'' , '\'7\'' , '\'14\'' , '\'2007\'' , '\'1\'' , '\'Sunday\'' )here is how I am building my sql string[/syntax]
Code: Select all
$sql = "insert into calendar (title, category, descr, startTime, startAP, endTime, endAP, month, day, year, eventLength, dayOfWeek) "."values = ( '$title' ,'$category' , '$descr' , '$startHour".":"."$startMinutes' , '$startAP' , '$endHour".":"."$endMinutes' , '$endAP' , '$month' , '$day' , '$year' , '$eventLength' , '$dayOfWeek' )";and the variables are all set using
Code: Select all
if (!get_magic_quotes_gpc()) {
$title = addslashes(fix_null($_POST['title']));
$category = addslashes(strip_tags(fix_null($_POST['category'])));
$descr = addslashes(strip_tags(fix_null($_POST['descr'])));
$startHour = addslashes(strip_tags(fix_null($_POST['startHour'])));
$startMinutes = addslashes(strip_tags(fix_null($_POST['startMinutes'])));
$startAP = addslashes(strip_tags(fix_null($_POST['startAP'])));
$endHour = addslashes(strip_tags(fix_null($_POST['endHour'])));
$endMinutes = addslashes(strip_tags(fix_null($_POST['endMinutes'])));
$endAP = addslashes(strip_tags(fix_null($_POST['endAP'])));
$month = addslashes(strip_tags(fix_null($_POST['month'])));
$day = addslashes(strip_tags(fix_null($_POST['day'])));
$year = addslashes(strip_tags(fix_null($_POST['year'])));
$eventLength = addslashes(strip_tags(fix_null($_POST['eventLength'])));
$dayOfWeek = addslashes(strip_tags(fix_null($_POST['dayOfWeek'])));
} else {
$title = fix_null($_POST['title']);
$category = fix_null($_POST['category']);
$descr = fix_null($_POST['descr']);
$startHour = fix_null($_POST['startHour']);
$startMinutes = fix_null($_POST['startMinutes']);
$startAP = fix_null($_POST['startAP']);
$endHour = fix_null($_POST['endHour']);
$endMinutes = fix_null($_POST['endMinutes']);
$endAP = fix_null($_POST['endAP']);
$month = fix_null($_POST['month']);
$day = fix_null($_POST['day']);
$year = fix_null($_POST['year']);
$eventLength = fix_null($_POST['eventLength']);
$dayOfWeek = fix_null($_POST['dayOfWeek']);
}feyd | Please use
Code: Select all
,Code: Select all
and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read: [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]