472,780 Members | 1,751 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > mysql_real_escape_string addslashes....

Join Bytes to post your question to a community of 472,780 software developers and data experts.

mysql_real_escape_string addslashes....

I've to put datas from user's input in a database.

I've taken a function from internet (don't remember where) formatting most
of the values:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "") {
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" :
"NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
case "boolean":
$theValue = ($theValue == "on" or $theValue == "ON") ? "1" : "0";
break;
case "textLike":
$theValue = ($theValue != "") ? "'%" . $theValue . "%'" : "NULL";
break;

}
return $theValue;
}

I've slighthly modified it for my needs. Now, I've seen I've to use
mysql_real_escape_string for avoiding injection attack. Here are the points
I've to keep in mind for this function: (note the difference between ' and
`)
the stings may be:
O'Reilly
O`Reilly

the numbers may be:
10000
10'000
10`000

I'm thinking of putting this code, but don't know if it's the better way

$theValue = mysql_real_escape_string((get_magic_quotes_gpc()) ?
stripslashes($theValue) : $theValue);

any help would greately be appreciated.

Bob

Jul 17 '05 #1
0 1648
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
addslashes vs. mysql_real_escape_string
by: leegold2 | last post by:
When I look directly in my db field I see a difference between these two functions. The top line (seebelow) was inserted with addslashes vs. the bottom line where I used mysql_real_escape_string....
PHP
4
[FAQ] addslashes() and striplashes()
by: Jan Pieter Kunst | last post by:
Q. How do I use addslashes() and stripslashes() when dealing with HTML forms and database INSERTs, UPDATEs and SELECTs? A. It depends on the setting of the php.ini directive "magic_quotes_gpc"....
PHP
2
mysql_real_escape_string() vs addslashes()
by: Marcus | last post by:
Hello, My php.ini file currently has magic quotes set to On, but I have read that it is better to code with it off. Currently with magic quotes on, I only use stripslashes() to properly...
PHP
2
mysql_real_escape_string() cannot connect to database..??
by: comp.lang.php | last post by:
when trying to use the mysql_real_escape_string() function, the following warning occurs: First of all, the user is not 'web' trying to connect to the database, secondly, what is...
PHP
7
mysql_real_escape_string() chopping off after quotes
by: Paul Furman | last post by:
mysql_real_escape_string() is apparently chopping off anything that follows a quote when I grab the data & put it in a form for editing. Sorry if I'm not explaining this properly, I'm pretty...
PHP
6
addslashes, mysql_real_escape_string or magic_quotes_gpc?
by: redog6 | last post by:
Hi I have a webform with many free text fields and have a problem with apostrophes and single quotes as this breaks the mysql query string. I obviously need to escape these characters -...
PHP
13
addslashes/mysql_real_escape_string
by: ndlarsen | last post by:
Hello. It's been a while since I used php. Since then magic quotes has been deprecated and will be removed when php 6.0 hits. My question is, what should I be using when submitting data to a...
PHP
8
addslashes, mysql_real_escape_string, etc not working
by: pedalpete | last post by:
I am finding this very strange and frustrating, but I've got some data being entered into a mysql database, and when the data contains an apostrophe for example the word we're, it shows up in the...
PHP
7
mysql_real_escape_string errror: expects string, resource given.
by: roseple | last post by:
Hi, can anyone please help me why I got this error every I uploaded files. Error: Here is the code on the said warning message: # Gather all required data $name =...
PHP
0
How to Use CodiumAI's pr-agent?
by: erikbower65 | last post by:
Using CodiumAI's pr-agent is simple and powerful. Follow these steps: 1. Install CodiumAI CLI: Ensure Node.js is installed, then run 'npm install -g codiumai' in the terminal. 2. Connect to...
General
0
linyimin
Speedup your spring application
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
General
0
Steps manually installing IntelliJ IDEA.
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
General
0
Development of Funny H5 Game - Toy Claw
by: kcodez | last post by:
As a H5 game development enthusiast, I recently wrote a very interesting little game - Toy Claw ((http://claw.kjeek.com/))。Here I will summarize and share the development experience here, and hope it...
HTML / CSS
14
DJRhino1175
Cancel Print Action if Sub form has No Records
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
Microsoft Access / VBA
5
To verify entry of a dropdown
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
Microsoft Access / VBA
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
How does React native implement an English player?
by: lllomh | last post by:
How does React native implement an English player?
Mobile Development
0
How to calculate date of retirement from date of birth
by: Mushico | last post by:
How to calculate date of retirement from date of birth
Data Management

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!