At 23:58 -0400 10/9/04, leegold wrote:
On Sat, 9 Oct 2004 22:31:07 -0500, "Paul DuBois" <[EMAIL PROTECTED]> said:
 At 23:18 -0400 10/9/04, leegold wrote:
 >Seems like mysql_real_escape_string function is not working?
 >    mysql  Ver 14.5 Distrib 4.1.3a-beta, for Win95/Win98 (i32)
 >
 ><?php
 >$originalstring = "Apostrophe's rock";
 >echo $originalstring, "<br>";
 >echo addslashes( $originalstring ), "<br>";
 >echo mysql_escape_string( $originalstring ), "<br>";
 >echo mysql_real_escape_string( $originalstring ), "<br>";
 >?>
 >
 >Shows up in my browser as:
 >
 >Apostrophe's rock
 >Apostrophe\'s rock
 >Apostrophe\'s rock

In what way do you believe this to be incorrect?

The apostrope is not escaped (no slash added) in my db when I do a select and look in a field when using mysql_real_escape_string. I was originally asking about apostrophies not being escaped by mysql_real_escape_string on my system. But now i see that the echo'd mysql_real_escape_string statement does *not* even show up in the php page in my example while the other escape function statements echo'd do show up. I am confused! Are you are saying all is this is correct? Why?

What I was getting at was that the output you were showing is what I would expect from mysql_escape_string() and mysql_real_escape_string(). (One problem is that mysql_real_escape_string() _requires_ a connection to the MySQL server, and I don't see that you've opened a connection to the server anywhere.

If you use the output from mysql_real_escape_string() and insert it
into the database, the backslash allows the apostrophe to be inserted
without causing a syntax error.

If you then select that value, no backslash will show up.
It is needed only for inserting data, not for retrieving it.

--
Paul DuBois, MySQL Documentation Team
Madison, Wisconsin, USA
MySQL AB, www.mysql.com

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]



Reply via email to