[TriLUG] PHP strange code question

Joseph Tate dragonstrider at gmail.com
Fri Jan 7 17:31:36 EST 2005


On Fri, 7 Jan 2005 16:10:04 -0500, David McDowell <turnpike420 at gmail.com> wrote:
> This does not seem to work or meet our needs (escaping the apostrophe):
> $Event = addslashes($_POST['event']);
> 
> I hope I have given enough information for parsing.  Anything you see
> you can throw my way would be much appreciated.
> 

There are usually two solutions to the problem you're describing.  The
first is to turn magic-quotes on in your php.ini file.  Then no
special quoting is necessary for DB inserts, but you may need them at
other points in time, i.e. instead of adding quotes everywhere you
insert into the database, you'll need them when you are not inserting
into a database (i.e. writing to a file).

If you make that change, make sure you test all your other PHP code
for breakage.  If magic_quotes_gpc is already on, you may need to
change the quoting type.  Look in the ini file for the word sybase. 
That should help you figure out which type of quoting you need.

The second option is to use the DB-specific escape_string function
like mysql_escape_string.  Unfortunately, I don't see one for mssql. 
You are probably trying to use addslashes when magic_quotes are on,
which ends up escaping the escapes, so instead of \' going into the
SQL query, you'll have \\\'.

-- 
Joseph Tate
Personal e-mail: jtate AT dragonstrider DOT com
Web: http://www.dragonstrider.com
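
Added example, not part of the original message: a PHP sketch of the double-escaping effect described above, next to sybase-style quoting (doubling the apostrophe) for an MSSQL insert. The helper names, the sample value and the events table are assumptions made for illustration, and magic quotes are simulated with addslashes() because current PHP no longer has the setting.

```php
<?php
// Constructed sample value; stands in for $_POST['event'].
$raw = "St. Patrick's Day";

// Hypothetical helper: with magic_quotes_gpc on, old PHP had already
// applied the equivalent of addslashes() to request data before the
// script saw it. Simulated here so the example runs on current PHP.
function simulate_magic_quotes(string $s): string
{
    return addslashes($s);
}

// Hypothetical helper: remove the magic-quotes layer exactly once, so
// the value is back to what the user typed before any DB quoting.
function undo_magic_quotes(string $s, bool $magicQuotesOn): string
{
    return $magicQuotesOn ? stripslashes($s) : $s;
}

// Hypothetical helper: sybase-style quoting, which MSSQL expects.
// The apostrophe is doubled instead of being prefixed with a backslash.
function quote_sybase_style(string $s): string
{
    return str_replace("'", "''", $s);
}

// What the script receives when magic quotes are on.
$fromRequest = simulate_magic_quotes($raw);

// The problem: addslashes() on top of magic quotes escapes the escape,
// so the backslash itself ends up stored in the database.
$doubleEscaped = addslashes($fromRequest);

// The repair: strip the first layer, then quote once in the style the
// target database understands.
$clean = undo_magic_quotes($fromRequest, true);
$sql = "INSERT INTO events (name) VALUES ('" . quote_sybase_style($clean) . "')";

echo "typed by user     : ", $raw, PHP_EOL;
echo "after magic quotes: ", $fromRequest, PHP_EOL;
echo "plus addslashes() : ", $doubleEscaped, PHP_EOL;
echo "MSSQL statement   : ", $sql, PHP_EOL;
```

Where the database driver supports bound parameters, passing the value as a parameter keeps it out of the SQL text entirely and avoids having to pick a quoting style.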


