addslashes, mysql_real_escape_string or magic_quotes_gpc?

redog6@hotmail.com
Guest
 
Posts: n/a
#1: Oct 16 '07
Hi
I have a webform with many free text fields and have a problem with
apostrophes and single quotes as this breaks the mysql query string.

I obviously need to escape these characters - magic_quotes_gpc sounds
ideal but is not an option as I don't have access to the php.ini file
and it is currently set to 0.

I could use either addslashes or mysql_real_escape_string but do I
have to apply this to every field individually or is there a way to do
it to all in one go?
Any advice on the most suitable method and how to do it in one go
would be greatly appreciated.

Many thanks
Redge
P.S please reply to this group rather than by email - thanks

Rik Wasmus
Guest
 
Posts: n/a
#2: Oct 16 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?


On Tue, 16 Oct 2007 18:32:12 +0200, <redog6@hotmail.com> wrote:
Quote:
Hi
I have a webform with many free text fields and have a problem with
apostrophes and single quotes as this breaks the mysql query string.
>
I obviously need to escape these characters - magic_quotes_gpc sounds
ideal but is not an option as I don't have access to the php.ini file
and it is currently set to 0.
>
I could use either addslashes or mysql_real_escape_string but do I
have to apply this to every field individually or is there a way to do
it to all in one go?
Any advice on the most suitable method and how to do it in one go
would be greatly appreciated.

http://www.php.net/array_map is your friend.


--
Rik Wasmus
Good Man
Guest
 
Posts: n/a
#3: Oct 16 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?


"Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in
news:op.t0autvy75bnjuv@metallium.lan:
Quote:
On Tue, 16 Oct 2007 18:32:12 +0200, <redog6@hotmail.com> wrote:
>
Quote:
>Hi
>I have a webform with many free text fields and have a problem with
>apostrophes and single quotes as this breaks the mysql query string.
>>
>I obviously need to escape these characters - magic_quotes_gpc sounds
>ideal but is not an option as I don't have access to the php.ini file
>and it is currently set to 0.
>>
>I could use either addslashes or mysql_real_escape_string but do I
>have to apply this to every field individually or is there a way to do
>it to all in one go?
>Any advice on the most suitable method and how to do it in one go
>would be greatly appreciated.
>
>
http://www.php.net/array_map is your friend.

just make sure not to apply it to form variables which are arrays!

Jerry Stuckle
Guest
 
Posts: n/a
#4: Oct 16 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?


redog6@hotmail.com wrote:
Quote:
Hi
I have a webform with many free text fields and have a problem with
apostrophes and single quotes as this breaks the mysql query string.
>
I obviously need to escape these characters - magic_quotes_gpc sounds
ideal but is not an option as I don't have access to the php.ini file
and it is currently set to 0.
>
I could use either addslashes or mysql_real_escape_string but do I
have to apply this to every field individually or is there a way to do
it to all in one go?
Any advice on the most suitable method and how to do it in one go
would be greatly appreciated.
>
Many thanks
Redge
P.S please reply to this group rather than by email - thanks
>
>
mysql_real_escape_string() - that's what it's made for.

And yes, you need to apply it to each field separately.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Lars Eighner
Guest
 
Posts: n/a
#5: Oct 16 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?


In our last episode,
<1192552332.205530.150500@v29g2000prd.googlegroups.com>, the lovely and
talented redog6@hotmail.com broadcast on comp.lang.php:
Quote:
I could use either addslashes or mysql_real_escape_string but do I have
to apply this to every field individually or is there a way to do it to
all in one go? Any advice on the most suitable method and how to do it in
one go would be greatly appreciated.

See the "best practice" example in the mysql_real_escape_string page of the
manual. Basically, you want to turn off magic quotes if you can, or test
for magic quotes and undo them if they are on in case you cannot turn them
off. You want to use mysql_real_escape_string, but only on stuff that is
going into a query and you want to use it as close to where you put the
query together as you can (mysql_real_escape_string will not work, or will
not work right unless you have established the db connection that you want
to use -- and if the link you want to use is not the one you most recently
established, you must specify the one you want to use).

--
Lars Eighner <http://larseighner.com/> <http://myspace.com/larseighner>
Countdown: 461 days to go.
What do you do when you're debranded?
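
The approach described in the post above, as an added example that is not part of the thread: undo magic quotes on a copy, take only the scalar fields you need, and escape at the point where the query is built, with the connection in hand. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server (`PDO::quote` stands in for `mysql_real_escape_string`); the function names, table, columns and form data are constructed for illustration.

```php
<?php
// Undo magic quotes on a copy of the input; the superglobal itself is never modified.
function undo_magic_quotes(array $input, bool $magicQuotesOn): array
{
    if (!$magicQuotesOn) {
        return $input;
    }
    foreach ($input as $key => $value) {
        $input[$key] = is_array($value)
            ? undo_magic_quotes($value, true)
            : stripslashes($value);
    }
    return $input;
}

// Copy only the wanted scalar fields and escape them while the query is built.
// Table and column names come from code, never from the request.
function build_insert(PDO $db, string $table, array $wanted, array $input): string
{
    $values = [];
    foreach ($wanted as $field) {
        if (!isset($input[$field]) || is_array($input[$field])) {
            throw new InvalidArgumentException("missing or non-scalar field: $field");
        }
        // Connection-bound escaping; PDO::quote also adds the surrounding quotes.
        $values[] = $db->quote((string) $input[$field]);
    }
    return "INSERT INTO $table (" . implode(', ', $wanted) . ') VALUES ('
        . implode(', ', $values) . ')';
}

// Constructed form data as it would arrive with magic_quotes_gpc = 1.
$post = [
    'name'    => "O\\'Brien",
    'comment' => "It\\'s a \\\"test\\\"",
    'tags'    => ['a', 'b'],   // array field: never handed to the escaper
];

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT, comment TEXT)');

$clean = undo_magic_quotes($post, true);
$db->exec(build_insert($db, 'contacts', ['name', 'comment'], $clean));

foreach ($db->query('SELECT name, comment FROM contacts') as $row) {
    echo $row['name'], ' | ', $row['comment'], "\n";
}
```
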
redog6@hotmail.com
Guest
 
Posts: n/a
#6: Oct 16 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?



Many thanks to you all for a useful and speedy response! Best Redge

Rik Wasmus
Guest
 
Posts: n/a
#7: Oct 17 '07

re: addslashes, mysql_real_escape_string or magic_quotes_gpc?


On Tue, 16 Oct 2007 19:01:47 +0200, Good Man <heyho@letsgo.com> wrote:
Quote:
"Rik Wasmus" <luiheidsgoeroe@hotmail.com> wrote in
news:op.t0autvy75bnjuv@metallium.lan:
>
Quote:
>On Tue, 16 Oct 2007 18:32:12 +0200, <redog6@hotmail.com> wrote:
>>
Quote:
>>Hi
>>I have a webform with many free text fields and have a problem with
>>apostrophes and single quotes as this breaks the mysql query string.
>>>
>>I obviously need to escape these characters - magic_quotes_gpc sounds
>>ideal but is not an option as I don't have access to the php.ini file
>>and it is currently set to 0.
>>>
>>I could use either addslashes or mysql_real_escape_string but do I
>>have to apply this to every field individually or is there a way to do
>>it to all in one go?
>>Any advice on the most suitable method and how to do it in one go
>>would be greatly appreciated.
>>
>>
>http://www.php.net/array_map is your friend.
>
just make sure not to apply it to form variables which are arrays!

Indeed, Good Practise would be to leave those arrays always 'as is' and
intact (hence magic_quotes are evil), and just copy the data you need from
it.
--
Rik Wasmus