At 23:58 -0400 10/9/04, leegold wrote:
On Sat, 9 Oct 2004 22:31:07 -0500, "Paul DuBois" <[EMAIL PROTECTED]> said:
At 23:18 -0400 10/9/04, leegold wrote:
>Seems like mysql_real_escape_string function is not working?
> mysql Ver 14.5 Distrib 4.1.3a-beta, for Win95/Win98 (i32)
>
><?php
>$originalstring = "Apostrophe's rock";
>echo $originalstring, "<br>";
>echo addslashes( $originalstring ), "<br>";
>echo mysql_escape_string( $originalstring ), "<br>";
>echo mysql_real_escape_string( $originalstring ), "<br>";
>?>
>
>Shows up in my browser as:
>
>Apostrophe's rock
>Apostrophe\'s rock
>Apostrophe\'s rock
In what way do you believe this to be incorrect?
The apostrope is not escaped (no slash added) in my db when I do a
select and look in a field when using mysql_real_escape_string. I was
originally asking about apostrophies not being escaped by
mysql_real_escape_string on my system. But now i see that the echo'd
mysql_real_escape_string statement does *not* even show up in the php
page in my example while the other escape function statements echo'd do
show up. I am confused! Are you are saying all is this is correct? Why?
What I was getting at was that the output you were showing is what
I would expect from mysql_escape_string() and mysql_real_escape_string().
(One problem is that mysql_real_escape_string() _requires_ a connection
to the MySQL server, and I don't see that you've opened a connection to
the server anywhere.
If you use the output from mysql_real_escape_string() and insert it
into the database, the backslash allows the apostrophe to be inserted
without causing a syntax error.
If you then select that value, no backslash will show up.
It is needed only for inserting data, not for retrieving it.
--
Paul DuBois, MySQL Documentation Team
Madison, Wisconsin, USA
MySQL AB, www.mysql.com
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]