mysql_real_escape_string addslashes....

I have to put data from user input into a database.

I've taken a function from the internet (don't remember where) formatting most
of the values:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
    switch ($theType) {
        case "text":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "date":
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "defined":
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
        case "boolean":
            $theValue = ($theValue == "on" or $theValue == "ON") ? "1" : "0";
            break;
        case "textLike":
            $theValue = ($theValue != "") ? "'%" . $theValue . "%'" : "NULL";
            break;
    }
    return $theValue;
}

I've slightly modified it for my needs. Now, I've seen I have to use
mysql_real_escape_string to avoid injection attacks. Here are the points
I have to keep in mind for this function (note the difference between ' and
`):
the strings may be:
O'Reilly
O`Reilly

the numbers may be:
10000
10'000
10`000

I'm thinking of putting this code, but don't know if it's the better way:

$theValue = mysql_real_escape_string((get_magic_quotes_gpc()) ? stripslashes($theValue) : $theValue);

Any help would be greatly appreciated.

Bob

Jul 17 '05 #1
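
Added example, not part of the original post: the same type-aware handling done with bound parameters (PDO prepared statements) instead of escaping values into the SQL string, run over the strings and numbers listed in the post. The customers table, parseGroupedInt() and the in-memory SQLite connection are assumptions made so it runs offline; with MySQL only the DSN changes.

```php
<?php
// Added example, not the poster's code. The customers table and
// parseGroupedInt() are constructed for illustration.

// Accepts 10000, 10'000 and 10`000. Anything else is rejected rather than
// truncated: intval("10'000") stops at the quote and returns 10.
function parseGroupedInt(string $raw): ?int
{
    if ($raw === '') {
        return null; // empty input is stored as NULL
    }
    if (!preg_match('/^-?(?:\d{1,3}(?:[\'`]\d{3})+|\d+)\z/', $raw)) {
        throw new InvalidArgumentException("not an integer: $raw");
    }
    $n = filter_var(str_replace(["'", '`'], '', $raw), FILTER_VALIDATE_INT);
    if ($n === false) {
        throw new InvalidArgumentException("invalid integer: $raw");
    }
    return $n;
}

// Assumption: SQLite in memory, so no database server is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (name TEXT, credit INTEGER)');

// The SQL text is fixed; user values travel separately as parameters,
// so quotes and backticks in them are stored as plain data.
$insert = $pdo->prepare('INSERT INTO customers (name, credit) VALUES (:name, :credit)');
$rows = [["O'Reilly", "10'000"], ['O`Reilly', '10`000'], ['Bob', '']];
foreach ($rows as [$name, $credit]) {
    $n = parseGroupedInt($credit);
    $insert->bindValue(':name', $name, PDO::PARAM_STR);
    $insert->bindValue(':credit', $n, $n === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
    $insert->execute();
}

// "textLike": the wildcards are added to the bound value, not to the SQL text.
$find = $pdo->prepare('SELECT name, credit FROM customers WHERE name LIKE :pat');
$find->execute([':pat' => '%Reilly%']);
foreach ($find->fetchAll(PDO::FETCH_ASSOC) as $row) {
    printf("%s => %d\n", $row['name'], $row['credit']);
}
```

A % or _ inside user text bound to a LIKE pattern still acts as a wildcard, so escape those two characters separately if they must match literally.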