handling escape sequence

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
vinoth
Forum Contributor
Posts: 113
Joined: Thu Aug 02, 2007 3:08 am
Location: India
Contact:

handling escape sequence

Post by vinoth »

hi all

I am try to insert the value like "test's"..

I Pass the value through test box;
If we retrive the value using $_REQUEST['text'];
then I insert to database in database it insert as test/'s.

Is there any way to handle this..
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Post by Zoxive »

You have magic_quotes on

stripslashes might be what you want when echoing the data back out.
vinoth
Forum Contributor
Posts: 113
Joined: Thu Aug 02, 2007 3:08 am
Location: India
Contact:

Post by vinoth »

if we use strip slashes means the value was not insert in to an table
because while inserting it idenfies another single quote
Mou
Forum Newbie
Posts: 4
Joined: Fri Aug 24, 2007 6:21 am

handling escape sequence

Post by Mou »

What you have to do is while inserting data add 'addslashes' and while fetching the data from the table use 'stripslashes', like this way:

Code: Select all

$var="test's";
$testdata=addslashes($var);

/////while fetching write ///
stripslashes($row['testdata']);
vinoth
Forum Contributor
Posts: 113
Joined: Thu Aug 02, 2007 3:08 am
Location: India
Contact:

Post by vinoth »

what is the purpose of addslashes
for that reason while displaying to user end itself we use strip slashes
in other database related queries we use the same value itself
it was working fine now
User avatar
Zoxive
Forum Regular
Posts: 974
Joined: Fri Apr 01, 2005 4:37 pm
Location: Bay City, Michigan

Post by Zoxive »

Like i said, you have magic_quotes on, so it auto adds slashes, and when outputting data you just need to strip slashes, like i said...
Zoxive wrote:stripslashes might be what you want when echoing the data back out.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

get_magic_quotes() was a terrible mistake and we now have to deal with some server configurations to fix this mistake.

Code: Select all

function escape($input) 
{
   if (get_magic_quotes_gpc()) {
      $input = stripslashes($input);
   }

   return mysql_real_escape_string($input);
}
Using this, we can eliminate the effects of magic quotes with the added benefit of using mysql_real_escape_string().. which I might add should be used on all incomming strings, the same as numerical should use intval() or typecasting.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Jcart wrote:get_magic_quotes() was a terrible mistake and we now have to deal with some server configurations to fix this mistake.

Code: Select all

function escape($input) 
{
   if (get_magic_quotes_gpc()) {
      $input = stripslashes($input);
   }

   return mysql_real_escape_string($input);
}
Using this, we can eliminate the effects of magic quotes with the added benefit of using mysql_real_escape_string().. which I might add should be used on all incomming strings, the same as numerical should use intval() or typecasting.
This should only be used on request data, as magic_quotes only operates on request data. Otherwise, you could possibly remove slashes that you intended to keep.
Post Reply