Editing a string to add a \ before a '

Is there a function that allows you to add a \ before a ' in a string?
This is needed to store text in a MySQL db, and I was wondering if there
is a function which can do this to any ' which DO NOT already have one
before them. This is so I can keep editing my text without all these \
building up.

Kind regards

Marc

Feb 4 '06 #1
monomaniac21 wrote:
> Is there a function that allows you to add a \ before a ' in a string.
> This is needed to store text in a mysql db and i was wondering if there
> is function which can do this to any ' which DO NOT already have one
> before them, this is so i can keep editing my text without all these \
> building up.
>
> Kind regards
>
> Marc

see addslashes()

-david-

Feb 4 '06 #2
you also might want to try str_replace("'", "\\'", $string);

Feb 4 '06 #3
monomaniac21 wrote:
> Is there a function that allows you to add a \ before a ' in a string.
> This is needed to store text in a mysql db

Use mysql_escape_string().

--
----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

A computer is neither a television nor a microwave; it is a complex
tool.
Feb 4 '06 #4
monomaniac21 wrote:
> Is there a function that allows you to add a \ before a ' in a string.
> This is needed to store text in a mysql db and i was wondering if there
> is function which can do this to any ' which DO NOT already have one
> before them, this is so i can keep editing my text without all these \
> building up.
>
> Kind regards
>
> Marc


I just include it in the insert statement since you must know the
datatype at insert time

$sqli = "insert into tableA values ";
$sqli .= "('".$_POST['varchar']."',".$_POST['integer'].")";

Michael Austin
DBA.
Feb 4 '06 #5
noone wrote:
> $sqli = "insert into tableA values ";
> $sqli .= "('".$_POST['varchar']."',".$_POST['integer'].")";


PHP security 101: never ever put values posted by a user directly into a DB
query, without checking them, escaping them, and treating them as nuclear
waste.

The above is a very clear example of a SQL injection vulnerability.

--
----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

http://acm.asoc.fi.upm.es/~mr/
Proudly running Debian Linux with 2.6.12-1-686 kernel, KDE3.5.0, and PHP
5.1.2-1 generating this signature.
Uptime: 20:16:47 up 23:45, 2 users, load average: 0.21, 0.37, 0.26

Feb 4 '06 #6
Iván Sánchez Ortega wrote:
> noone wrote:
>> $sqli = "insert into tableA values ";
>> $sqli .= "('".$_POST['varchar']."',".$_POST['integer'].")";
>
> PHP security 101: never ever put values posted by a user directly into a DB
> query, without checking them, escaping them, and treating them as nuclear
> waste.
>
> The above is a very clear example of a SQL injection vulnerability.


goes without saying... merely a test example of how to enclose the
varchar data with single-quote "'".

You also want to use a platform that is nearly impossible to crack. My
choice is OpenVMS from HP - formerly Compaq - formerly Digital Equipment
Corp (aka DEC).

more scalable and has REAL clusters - not these pretend clusters like
Veritas and Microsoft (bbbbarrfff).

I also prefer Apache/Oracle Rdb - formerly DEC/Rdb and not to be
confused with Oracle RDBMS (8/9/10g) and PHP.

M.
Feb 4 '06 #7
noone wrote:
> $sqli = "insert into tableA values ";
> $sqli .= "('".$_POST['varchar']."',".$_POST['integer'].")";
>
> goes without saying... merely a test example of how to enclose the
> varchar data with single-quote "'".


That's an example of a SQL injection, you should know that, and you should
teach newbies to use RDBMS-specific techniques of escaping alphanumeric
data prior to its usage in any SQL statement instead of posting such an
example.

This is how it should be done:

<?php
$varchar = mysql_real_escape_string($_POST['varchar']);
$integer = (int) $_POST['integer'];
$sqli = "insert into tableA values ('$varchar',$integer)";
?>

I will reiterate myself. Never ever trust *any* data entered by *any* user.

> You also want to use a platform that is nearly impossible to crack.


Why should I matter about the platform, if anybody can inject SQL??

--
----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

Reality-meter: [\.......] Hmmm! It must not be working.
Feb 5 '06 #8
On 2006-02-04, mjs7231 <mj*****@gmail.com> wrote:
> you also might want to try str_replace("'", "\\'", $string);

$string="don\\'t do that.";

Bye.
Jasen
Feb 6 '06 #9
On 2006-02-04, David Haynes <da***********@sympatico.ca> wrote:
> monomaniac21 wrote:
>> Is there a function that allows you to add a \ before a ' in a string.
>> This is needed to store text in a mysql db and i was wondering if there
>> is function which can do this to any ' which DO NOT already have one
>> before them, this is so i can keep editing my text without all these \
>> building up.
>>
>> Kind regards
>>
>> Marc
>
> see addslashes()

and stripslashes()

Bye.
Jasen
Feb 6 '06 #10
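
The store, reload, edit, store-again cycle from the original question, as an added example that is not code from any poster in this thread: it uses PDO bound parameters rather than the escaping functions suggested above, so nothing is ever escaped twice, and it ends with what addslashes() and the str_replace() call from post #3 do to text that is already escaped. The `notes` table, its columns, the helpers `save_note` and `load_note` and the sample text are made up for illustration, and an in-memory SQLite database (the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Table, columns, helper names and sample text are constructed.
// In-memory SQLite stands in for MySQL so this runs offline (assumption); with
// MySQL only the DSN passed to new PDO(...) changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT, rating INTEGER)');

// Values are bound, not pasted into the SQL text, so a ' needs no backslash.
function save_note(PDO $pdo, ?int $id, string $body, int $rating): int
{
    if ($id === null) {
        $stmt = $pdo->prepare('INSERT INTO notes (body, rating) VALUES (:body, :rating)');
    } else {
        $stmt = $pdo->prepare('UPDATE notes SET body = :body, rating = :rating WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    }
    $stmt->bindValue(':body', $body, PDO::PARAM_STR);
    $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
    $stmt->execute();
    return $id ?? (int) $pdo->lastInsertId();
}

function load_note(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM notes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed stand-ins for $_POST['varchar'] and $_POST['integer'].
$text = "don't do that";
$id = save_note($pdo, null, $text, (int) '5');

// Three load/edit/save cycles: the stored text is always the raw text.
for ($i = 1; $i <= 3; $i++) {
    $text = load_note($pdo, $id) . " (it's edit $i)";
    save_note($pdo, $id, $text, 5);
}
echo load_note($pdo, $id), "\n";

// For contrast, escaping text that is already escaped:
$once  = addslashes("don't");             // one backslash before the quote
$twice = addslashes($once);               // that backslash is escaped too
$naive = str_replace("'", "\\'", $once);  // the case from post #9
echo $once, "\n", $twice, "\n", $naive, "\n";
```

The mysql_* functions named in the thread were removed in PHP 7.0; bound parameters through PDO or mysqli are the current equivalents.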
