472,780 Members | 1,751 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,780 software developers and data experts.

mysql_real_escape_string addslashes....

I've to put datas from user's input in a database.

I've taken a function from internet (don't remember where) formatting most
of the values:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "") {
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" :
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
case "boolean":
$theValue = ($theValue == "on" or $theValue == "ON") ? "1" : "0";
case "textLike":
$theValue = ($theValue != "") ? "'%" . $theValue . "%'" : "NULL";

return $theValue;

I've slighthly modified it for my needs. Now, I've seen I've to use
mysql_real_escape_string for avoiding injection attack. Here are the points
I've to keep in mind for this function: (note the difference between ' and
the stings may be:

the numbers may be:

I'm thinking of putting this code, but don't know if it's the better way

$theValue = mysql_real_escape_string((get_magic_quotes_gpc()) ?
stripslashes($theValue) : $theValue);

any help would greately be appreciated.


Jul 17 '05 #1
0 1648

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

by: leegold2 | last post by:
When I look directly in my db field I see a difference between these two functions. The top line (seebelow) was inserted with addslashes vs. the bottom line where I used mysql_real_escape_string....
by: Jan Pieter Kunst | last post by:
Q. How do I use addslashes() and stripslashes() when dealing with HTML forms and database INSERTs, UPDATEs and SELECTs? A. It depends on the setting of the php.ini directive "magic_quotes_gpc"....
by: Marcus | last post by:
Hello, My php.ini file currently has magic quotes set to On, but I have read that it is better to code with it off. Currently with magic quotes on, I only use stripslashes() to properly...
by: comp.lang.php | last post by:
when trying to use the mysql_real_escape_string() function, the following warning occurs: First of all, the user is not 'web' trying to connect to the database, secondly, what is...
by: Paul Furman | last post by:
mysql_real_escape_string() is apparently chopping off anything that follows a quote when I grab the data & put it in a form for editing. Sorry if I'm not explaining this properly, I'm pretty...
by: redog6 | last post by:
Hi I have a webform with many free text fields and have a problem with apostrophes and single quotes as this breaks the mysql query string. I obviously need to escape these characters -...
by: ndlarsen | last post by:
Hello. It's been a while since I used php. Since then magic quotes has been deprecated and will be removed when php 6.0 hits. My question is, what should I be using when submitting data to a...
by: pedalpete | last post by:
I am finding this very strange and frustrating, but I've got some data being entered into a mysql database, and when the data contains an apostrophe for example the word we're, it shows up in the...
by: roseple | last post by:
Hi, can anyone please help me why I got this error every I uploaded files. Error: Here is the code on the said warning message: # Gather all required data $name =...
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
by: lllomh | last post by:
How does React native implement an English player?
by: Mushico | last post by:
How to calculate date of retirement from date of birth

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.