473,320 Members | 1,950 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,320 software developers and data experts.

mysql_real_escape_string addslashes....

I've to put datas from user's input in a database.

I've taken a function from internet (don't remember where) formatting most
of the values:
function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
$theNotDefinedValue = "") {
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" :
"NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue :
$theNotDefinedValue;
break;
case "boolean":
$theValue = ($theValue == "on" or $theValue == "ON") ? "1" : "0";
break;
case "textLike":
$theValue = ($theValue != "") ? "'%" . $theValue . "%'" : "NULL";
break;

}
return $theValue;
}

I've slighthly modified it for my needs. Now, I've seen I've to use
mysql_real_escape_string for avoiding injection attack. Here are the points
I've to keep in mind for this function: (note the difference between ' and
`)
the stings may be:
O'Reilly
O`Reilly

the numbers may be:
10000
10'000
10`000

I'm thinking of putting this code, but don't know if it's the better way

$theValue = mysql_real_escape_string((get_magic_quotes_gpc()) ?
stripslashes($theValue) : $theValue);

any help would greately be appreciated.

Bob

Jul 17 '05 #1
0 1677

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: leegold2 | last post by:
When I look directly in my db field I see a difference between these two functions. The top line (seebelow) was inserted with addslashes vs. the bottom line where I used mysql_real_escape_string....
4
by: Jan Pieter Kunst | last post by:
Q. How do I use addslashes() and stripslashes() when dealing with HTML forms and database INSERTs, UPDATEs and SELECTs? A. It depends on the setting of the php.ini directive "magic_quotes_gpc"....
2
by: Marcus | last post by:
Hello, My php.ini file currently has magic quotes set to On, but I have read that it is better to code with it off. Currently with magic quotes on, I only use stripslashes() to properly...
2
by: comp.lang.php | last post by:
when trying to use the mysql_real_escape_string() function, the following warning occurs: First of all, the user is not 'web' trying to connect to the database, secondly, what is...
7
by: Paul Furman | last post by:
mysql_real_escape_string() is apparently chopping off anything that follows a quote when I grab the data & put it in a form for editing. Sorry if I'm not explaining this properly, I'm pretty...
6
by: redog6 | last post by:
Hi I have a webform with many free text fields and have a problem with apostrophes and single quotes as this breaks the mysql query string. I obviously need to escape these characters -...
13
by: ndlarsen | last post by:
Hello. It's been a while since I used php. Since then magic quotes has been deprecated and will be removed when php 6.0 hits. My question is, what should I be using when submitting data to a...
8
by: pedalpete | last post by:
I am finding this very strange and frustrating, but I've got some data being entered into a mysql database, and when the data contains an apostrophe for example the word we're, it shows up in the...
7
by: roseple | last post by:
Hi, can anyone please help me why I got this error every I uploaded files. Error: Here is the code on the said warning message: # Gather all required data $name =...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.