In table is record, field called CompanyName that has: Joe\'s Place (I
added the slashes before inserting the field.)
This will NOT work:
$x="Joe's Place";
$sql="Select * from Company where CompanyName LIKE '%" . addslashes($x) .
"%'";
(standard MySQL query code)
I don't get an error, but I don't get a hit either!
Here is the quirk. Take out the LIKE and put in an = and it works:
$sql="Select * from Company where CompanyName =' " . addslashes($x) . " ' ";
(standard MySQL query code)
Does anyone have any ideas of what is happening here?
Thanks,
Al 5 4378
I <be**********@s lb9.atl.mindspr ing.net>, Adams-Blake Co. skrev: $sql="Select * from Company where CompanyName =' " . addslashes($x) . " ' "; (standard MySQL query code)
Does anyone have any ideas of what is happening here?
Have you tried:
echo $sql = "SELECT ...";
and examining (or pasting in a commandline mysql session) the generated
query?
mvrgr, Wouter
--
uws mail uw*@xs4all.nl
i will hold you close :: if you're afraid of heights -- incubus
On Mon, 14 Jul 2003 08:09:27 -0700, "Adams-Blake Co."
<at************ @adams.takeme.o ut.-blake.com> wrote: Adams-Blake Co. wrote:
In table is record, field called CompanyName that has: Joe\'s Place (I added the slashes before inserting the field.)
This will NOT work: $x="Joe's Place"; $sql="Select * from Company where CompanyName LIKE '%" . addslashes($x) . "%'"; (standard MySQL query code)
I don't get an error, but I don't get a hit either!
Here is the quirk. Take out the LIKE and put in an = and it works:
$sql="Select * from Company where CompanyName =' " . addslashes($x) . " ' "; (standard MySQL query code)
Does anyone have any ideas of what is happening here?
Thanks,
Al
(responding to my own post)
There is what does work: $sql="Select * from Company where CompanyName LIKE '%" . addslashes(add slashes($x)).
In other words, you have to add TWO addslash functions.
Why?
mysql> select * from liketest where c = 'Joe\\\'s place';
+--------------+
| c |
+--------------+
| Joe\'s place |
+--------------+
1 row in set (0.00 sec)
mysql> select * from liketest where c like 'Joe\\\'s place';
Empty set (0.00 sec)
mysql> select * from liketest where c like 'Joe\\\\\'s place';
+--------------+
| c |
+--------------+
| Joe\'s place |
+--------------+
1 row in set (0.00 sec)
The manual explains: http://www.mysql.com/doc/en/String_c...functions.html
"Note: Because MySQL uses the C escape syntax in strings (for example, `\n'),
you must double any `\' that you use in your LIKE strings. For example, to
search for `\n', specify it as `\\n'. To search for `\', specify it as `\\\\'
(the backslashes are stripped once by the parser and another time when the
pattern match is done, leaving a single backslash to be matched). Note:
Currently LIKE is not multi-byte character safe. Comparison is done character
by character. "
(Although why do you have the \ in your data anyway?)
--
Andy Hassall (an**@andyh.co. uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
On Mon, 14 Jul 2003 23:32:46 -0700, "Adams-Blake Co."
<at************ @adams.takeme.o ut.-blake.com> wrote: Because I used the "addslashes " function before I inserted the record. Isn't that the correct way:
$CompanyName = "Joe's Place"; Insert into mytable fld1= addslashes($Com panyName)....
How else would you do it?
If you have:
Joe\'s place
... stored in the database, you've added slashes twice.
You should only add enough slashes so that the data gets to the database in
its original form.
If $CompanyName contains "Joe's Place" then doing one addslashes() as you say
is correct. This makes it "fld1='Joe\ 's Place'" in the SQL, and stores "Joe's
Place".
However if it's already "Joe\'s Place" then another addslashes makes it
"fld='Joe\\ \'s place'" in the SQL, and you store "Joe\'s Place" which wasn't
your original data.
Do you have one of the automatic escaping functions on, the magic_quotes*
settings? That would explain the double-escaping.
--
Andy Hassall (an**@andyh.co. uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
Andy Hassall wrote: On Mon, 14 Jul 2003 23:32:46 -0700, "Adams-Blake Co." <at************ @adams.takeme.o ut.-blake.com> wrote:
Because I used the "addslashes " function before I inserted the record. Isn't that the correct way:
$CompanyNam e = "Joe's Place"; Insert into mytable fld1= addslashes($Com panyName)....
How else would you do it?
If you have:
Joe\'s place
... stored in the database, you've added slashes twice.
You should only add enough slashes so that the data gets to the database in its original form.
If $CompanyName contains "Joe's Place" then doing one addslashes() as you say is correct. This makes it "fld1='Joe\ 's Place'" in the SQL, and stores "Joe's Place".
However if it's already "Joe\'s Place" then another addslashes makes it "fld='Joe\\ \'s place'" in the SQL, and you store "Joe\'s Place" which wasn't your original data.
Do you have one of the automatic escaping functions on, the magic_quotes* settings? That would explain the double-escaping.
Andy, et. al.
When I do add $CompanyNam e = "Joe's Place"; Insert into mytable fld1= addslashes($Com panyName)....
and look at the field name in phpMySQLAdmin for the record I see: Joe\'s
Place. So I assume that the slash is actually stored in the database. And
this is why when I do:
$recsql="select CompanyName from mytable";
$rs = $db->Execute($recsq l);
$cname= stripslashes($r s->Fields['CompanyName']);
(I use the ADODB wrapper)
Does the database table actually carry the slash? I don't know, but I see it
in MySQLAdmin.... so I figure I have to do the stripslashes. Everything
seems to work..... except when you do the "LIKE" search in SQL and you need 2
addslash functions.
I don't know if I have magic anything turned on. I know that the above code
works fine on my local Apache as well as whatever pair.com runs.
Let me know what you think regarding the double addslashes for Joe's Place.
-Al
Adams-Blake Co. wrote: Andy Hassall wrote:
On Mon, 14 Jul 2003 23:32:46 -0700, "Adams-Blake Co." <at************ @adams.takeme.o ut.-blake.com> wrote:
Because I used the "addslashes " function before I inserted the record. Isn't that the correct way:
$CompanyNa me = "Joe's Place"; Insert into mytable fld1= addslashes($Com panyName)....
How else would you do it?
If you have:
Joe\'s place
... stored in the database, you've added slashes twice.
You should only add enough slashes so that the data gets to the database in its original form.
If $CompanyName contains "Joe's Place" then doing one addslashes() as you say is correct. This makes it "fld1='Joe\ 's Place'" in the SQL, and stores "Joe's Place".
However if it's already "Joe\'s Place" then another addslashes makes it "fld='Joe\\ \'s place'" in the SQL, and you store "Joe\'s Place" which wasn't your original data.
Do you have one of the automatic escaping functions on, the magic_quotes* settings? That would explain the double-escaping.
Andy, et. al.
When I do add$CompanyNa me = "Joe's Place"; Insert into mytable fld1= addslashes($Com panyName)....
and look at the field name in phpMySQLAdmin for the record I see: Joe\'s Place. So I assume that the slash is actually stored in the database. And this is why when I do:
$recsql="select CompanyName from mytable"; $rs = $db->Execute($recsq l); $cname= stripslashes($r s->Fields['CompanyName']); (I use the ADODB wrapper)
Does the database table actually carry the slash? I don't know, but I see it in MySQLAdmin.... so I figure I have to do the stripslashes. Everything seems to work..... except when you do the "LIKE" search in SQL and you need 2 addslash functions.
I don't know if I have magic anything turned on. I know that the above code works fine on my local Apache as well as whatever pair.com runs.
Let me know what you think regarding the double addslashes for Joe's Place.
-Al
OK, I FOUND THE ANSWER. It was Andy who helped me see the light here... along
with some other posts in the archives. It seems that "addslashes " does what
it says, but that MySQL strips them out before it pops the field in the
database. Under normal conditions it is NOT stored as Joe\'s Place but as
Joe's Place.
HOWEVER, if for some (dumb) reason you have something called
"magic-quotes-gpc" turned ON in your php.ini file, the slashes are added for
you atomatically. If you continue to do a "addslashes " you end up with
"Joe\\'s Place". MySQL strips out the first one, but leaves the second which
is why you will see the \ in the database if you go in and edit a record.
And if this is the case then you NEED to do a stripslashes when getting the
record in order to get rid of the darn \.
THE KEY, (IMO... and maybe I'm wrong) is to turn OFF this "magic quote"
thingy, and ALWAYS use the addslashes function on all strings that are going
to be inserted into SQL or if you are going to do a string search (select).
Maybe someone can explain the concept of this "magic quote" parm, but it
seems to me (and other postings that I've read) that the PHP developers made
a mistake by trying to do "too much" for the developer.... but I guess that's
another issue.
I hope someone will please come on and tell me if the above is a correct
analysis in case I'm all wrong. We don't want bad info to be on Google
without someone setting it straight because I'm sure others will have this
problem as well.
Al This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: NotGiven |
last post by:
I am researching the best place to put pictures. I have heard form both
sides and I'd like to know why one is better than the other.
Many thanks!
|
by: elyob |
last post by:
Hi,
I'm looking at storing snippets of details in MySQL about what credit cards
a business excepts. Rather than have a whole column for Visa, another for
Amex etc ... I am looking at having a column called payment types and
inserting multiple codes ... e.g. ViAmBcCa
Is this a good way of doing things? To me it'd be a lot cleaner and limit...
|
by: John Wells |
last post by:
Yes, I know you've seen the above subject before, so please be gentle with
the flamethrowers.
I'm preparing to enter a discussion with management at my company
regarding going forward as either a MySql shop or a Postgresql shop.
It's my opinion that we should be using PG, because of the full ACID
support, and the license involved. A...
|
by: Mairhtin O'Feannag |
last post by:
Hello,
I have a client (customer) who asked the question : "Why would I buy and
use UDB, when MySql is free?"
I had to say I was stunned. I have no experience with MySql, so I was
left sort of stammering and sputtering, and managed to pull out something
I heard a couple of years back - that there was no real transaction
safety in MySql....
|
by: the.natalie |
last post by:
Hi.
I am a newbie to mysql, cron, and shell scripting, so please bear with
me. I have a script that is used for updating an image directory based
on contents in a database. The script does the following: runs
several queries against different tables in a database; returns several
lists of pictures being used in the database; removes any...
| |
by: Cheryl Langdon |
last post by:
Hello everyone,
This is my first attempt at getting help in this manner. Please
forgive me if this is an inappropriate request.
I suddenly find myself in urgent need of instruction on how to
communicate with a MySQL database table on a web server, from inside
of my company's Access-VBA application. I know VBA pretty well but
have never...
|
by: Vanessa |
last post by:
Hi there
I am an Access developer, and I have written applications for a 30
telephone call center, using the standard multiuser jet engine, it all
works fine, but I want to move our systems onto MySQL, as we get the
odd #DELETED# (that old chestnut) so that it is more stable, I have
installed mysql and myodbc and configured it in data...
|
by: Randy |
last post by:
Folks:
We have a web-based app that's _really_ slowing down because multiple
clients are writing their own private data into a single, central
database. I guess the previous programmer did things this way because it
made things easy. Well, I'm the person that has to put up with
the long-term headache.
Anywho, someone at work wants things...
|
by: alex |
last post by:
I've converted a latin1 database I have to utf8. The process has been:
# mysqldump -u root -p --default-character-set=latin1 -c --insert-ignore
--skip-set-charset mydb mydb.sql
# iconv -f ISO-8859-1 -t UTF-8 mydb.sql mydb_utf8.sql
mysqlCREATE DATABASE mydb_utf8 CHARACTER SET utf8 COLLATE utf8_general_ci;
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...
| |