addslashes, mysql_real_escape_string or magic_quotes_gpc?

Hi
I have a webform with many free text fields and have a problem with
apostrophes and single quotes as this breaks the mysql query string.

I obviously need to escape these characters - magic_quotes_gpc sounds
ideal but is not an option as I don't have access to the php.ini file
and it is currently set to 0.

I could use either addslashes or mysql_real_escape_string but do I
have to apply this to every field individually or is there a way to do
it to all in one go?
Any advice on the most suitable method and how to do it in one go
would be greatly appreciated.

Many thanks
Redge
P.S please reply to this group rather than by email - thanks

Oct 16 '07 #1
On Tue, 16 Oct 2007 18:32:12 +0200, <re****@hotmail.com> wrote:
> Hi
> I have a webform with many free text fields and have a problem with
> apostrophes and single quotes as this breaks the mysql query string.
>
> I obviously need to escape these characters - magic_quotes_gpc sounds
> ideal but is not an option as I don't have access to the php.ini file
> and it is currently set to 0.
>
> I could use either addslashes or mysql_real_escape_string but do I
> have to apply this to every field individually or is there a way to do
> it to all in one go?
> Any advice on the most suitable method and how to do it in one go
> would be greatly appreciated.

http://www.php.net/array_map is your friend.
--
Rik Wasmus
Oct 16 '07 #2
"Rik Wasmus" <lu************@hotmail.com> wrote in
news:op***************@metallium.lan:
> On Tue, 16 Oct 2007 18:32:12 +0200, <re****@hotmail.com> wrote:
>> Hi
>> I have a webform with many free text fields and have a problem with
>> apostrophes and single quotes as this breaks the mysql query string.
>>
>> I obviously need to escape these characters - magic_quotes_gpc sounds
>> ideal but is not an option as I don't have access to the php.ini file
>> and it is currently set to 0.
>>
>> I could use either addslashes or mysql_real_escape_string but do I
>> have to apply this to every field individually or is there a way to do
>> it to all in one go?
>> Any advice on the most suitable method and how to do it in one go
>> would be greatly appreciated.
>
> http://www.php.net/array_map is your friend.

just make sure not to apply it to form variables which are arrays!
Oct 16 '07 #3
re****@hotmail.com wrote:
> Hi
> I have a webform with many free text fields and have a problem with
> apostrophes and single quotes as this breaks the mysql query string.
>
> I obviously need to escape these characters - magic_quotes_gpc sounds
> ideal but is not an option as I don't have access to the php.ini file
> and it is currently set to 0.
>
> I could use either addslashes or mysql_real_escape_string but do I
> have to apply this to every field individually or is there a way to do
> it to all in one go?
> Any advice on the most suitable method and how to do it in one go
> would be greatly appreciated.
>
> Many thanks
> Redge
> P.S please reply to this group rather than by email - thanks

mysql_real_escape_string() - that's what it's made for.

And yes, you need to apply it to each field separately.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Oct 16 '07 #4
In our last episode,
<11**********************@v29g2000prd.googlegroups.com>, the lovely and
talented re****@hotmail.com broadcast on comp.lang.php:
> I could use either addslashes or mysql_real_escape_string but do I have
> to apply this to every field individually or is there a way to do it to
> all in one go? Any advice on the most suitable method and how to do it in
> one go would be greatly appreciated.

See the "best practice" example in the mysql_real_escape_string page of the
manual. Basically, you want to turn off magic quotes if you can, or test
for magic quotes and undo them if they are on in case you cannot turn them
off. You want to use mysql_real_escape_string, but only on stuff that is
going into a query and you want to use it as close to where you put the
query together as you can (mysql_real_escape_string will not work, or will
not work right unless you have established the db connection that you want
to use -- and if the link you want to use is not the one you most recently
established, you must specify the one you want to use).

--
Lars Eighner <http://larseighner.com/> <http://myspace.com/larseighner>
Countdown: 461 days to go.
What do you do when you're debranded?
Oct 16 '07 #5

Many thanks to you all for a useful and speedy response! Best Redge

Oct 16 '07 #6
On Tue, 16 Oct 2007 19:01:47 +0200, Good Man <he***@letsgo.com> wrote:
> "Rik Wasmus" <lu************@hotmail.com> wrote in
> news:op***************@metallium.lan:
>> On Tue, 16 Oct 2007 18:32:12 +0200, <re****@hotmail.com> wrote:
>>> Hi
>>> I have a webform with many free text fields and have a problem with
>>> apostrophes and single quotes as this breaks the mysql query string.
>>>
>>> I obviously need to escape these characters - magic_quotes_gpc sounds
>>> ideal but is not an option as I don't have access to the php.ini file
>>> and it is currently set to 0.
>>>
>>> I could use either addslashes or mysql_real_escape_string but do I
>>> have to apply this to every field individually or is there a way to do
>>> it to all in one go?
>>> Any advice on the most suitable method and how to do it in one go
>>> would be greatly appreciated.
>>
>> http://www.php.net/array_map is your friend.
>
> just make sure not to apply it to form variables which are arrays!

Indeed, Good Practise would be to leave those arrays always 'as is' and
intact (hence magic_quotes are evil), and just copy the data you need from
it.
--
Rik Wasmus
Oct 17 '07 #7
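
An added example, not code from any poster in this thread, of the advice in replies #3, #5 and #7: leave the request array intact, copy out only the scalar fields you expect, undo magic quotes if the host has them on, and escape with the connection at the point where the query is assembled. Assumptions: the field and table names and the sample input are constructed, and an in-memory SQLite connection through PDO stands in for MySQL so the script runs without a server; on MySQL the call at the same spot would be mysqli's real_escape_string, the successor to mysql_real_escape_string.

```php
<?php
// Added example; field names, table and sample input are constructed.
// In-memory SQLite via PDO stands in for the MySQL connection (assumption).

// Undo magic_quotes_gpc if the host has it on (the function is gone in PHP 8+).
function undo_magic_quotes($value)
{
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// Copy only the expected scalar fields out of the request; the request
// array itself is not modified. Missing or array-valued fields are rejected,
// which avoids the array_map-on-array-fields problem from reply #3.
function pick_fields(array $request, array $names)
{
    $out = array();
    foreach ($names as $name) {
        if (!isset($request[$name]) || !is_string($request[$name])) {
            throw new InvalidArgumentException("bad or missing field: $name");
        }
        $out[$name] = undo_magic_quotes($request[$name]);
    }
    return $out;
}

// Constructed sample input: two free-text fields plus an array field.
$post = array(
    'name'    => "O'Brien",
    'comment' => "it's a \\ test",
    'tags'    => array('a', "b'c"),
);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (name TEXT, comment TEXT)');

$f = pick_fields($post, array('name', 'comment'));

// Escape right where the query is built, using this connection.
// PDO::quote() also adds the surrounding quotes.
$sql = 'INSERT INTO feedback (name, comment) VALUES ('
     . $db->quote($f['name']) . ', ' . $db->quote($f['comment']) . ')';
$db->exec($sql);

// Read the row back and compare it with the unescaped input.
$row = $db->query('SELECT name, comment FROM feedback')->fetch(PDO::FETCH_ASSOC);
var_dump($row === $f);
```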
