String oddity

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
dhampson
Forum Newbie
Posts: 19
Joined: Mon Mar 24, 2008 8:01 pm

String oddity

Post by dhampson »

I wrote a small php front end to a mysql database. Users write into <input type="text"..../> or <input type="textarea".../> It all gets stored into the data base, and can be recalled later in various formats.

When I first created it, there was a bug. If someone used an apostrophe (Bob's mail, e.g.) then the mysql_query() string would be malformed, and nothing would be updated. I fixed this with str_replace(), and escaped any apostrophe's.

This worked well for 3 years, until I upgraded the server to apache 2, php5 and mysql 5. It updates fine, but wherever I have an apostrophe and save, it keeps the "slash" when I recall it (Bob\'s mail e.g.) If I save again, I get 2 slashes (Bob\\'s mail )

I'm trying to figure out if I should rewrite the code and eliminate the str_replace, or modify apache's config file, the php.ini file, or something in MySQL.

Any advice or explanation would be very helpful.

--Dave
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: String oddity

Post by onion2k »

It's being escaped twice. I'd guess magic quotes are switched on on the new server.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: String oddity

Post by John Cartwright »

Replace all your str_replace() gargan with mysql_real_escape_string(). This function should always be used on all input to prevent errors and SQL injection.
dhampson
Forum Newbie
Posts: 19
Joined: Mon Mar 24, 2008 8:01 pm

Re: String oddity

Post by dhampson »

OK, I think I have enough to figure it out now!

I have a little reading to do, but at least now I know what to read. Thank for the help.

--Dave
Post Reply