On Monday 12 January 2004 12:31, Ryan A wrote:
> I am getting some input from a client in a text area, the input is an sql
> statement, so I am using addslashes but the damn thing is not working...any
> idea why?
>
> Here's my code:
>
> if(isset($_POST['the_sql_command']))
> {
>     $the_sql_command=$_POST['the_sql_command'];
>     $the_sql_command=addslashes($the_sql_command);
> }else{$the_sql_command="none";}
>
> I tested it out by entering this sql into the database:
> insert into testing_table values('bill o'reilly')
>
> Opening phpmyadmin I looked in the table and there are no slashes being
> applied.....!!????
> just this: insert into testing_table values('bill o'reilly')
>
> (and yes, I did try this too:
> $the_sql_command=addslashes($_POST['the_sql_command']); )
>
> What am I missing?

Nothing (much). addslashes() _enables_ you to enter stuff which contains
quotes into the DB properly, but the slashes are obviously not part of the
data and hence not stored.

To do what you want to do, you can try addslashes() on the data bit (ie: bill
o'reilly), then addslashes() again on the entire $the_sql_command.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
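
The behaviour discussed in this exchange, as an added example that is not part of the original messages: it shows that the backslash from addslashes() lives only in the statement text and is consumed when the literal is parsed, and what one pass versus two passes leaves in the stored text. The helpers stored_value() and sql_quote() are hypothetical, and stored_value() is a simplified model of a MySQL-style parser (backslash escapes enabled), not a real database call.

```php
<?php
// Simplified model of how a MySQL-style parser reads a single-quoted literal
// (assumption: backslash escapes enabled; only the escapes addslashes() emits).
function stored_value(string $literal): string
{
    return stripslashes(substr($literal, 1, -1)); // drop quotes, undo escapes
}

// Build a quoted SQL string literal from raw data.
function sql_quote(string $raw): string
{
    return "'" . addslashes($raw) . "'";
}

$name = "bill o'reilly"; // sample value taken from the thread

// 1. Storing the name: the backslash exists only in the statement text.
$literal = sql_quote($name);
echo "literal sent     : $literal\n";
echo "value stored     : " . stored_value($literal) . "\n\n";

// 2. Storing the raw statement as text, escaped once (the original post).
$raw_cmd = "insert into testing_table values('$name')";
echo "stored, one pass : " . stored_value(sql_quote($raw_cmd)) . "\n";

// 3. Escape the data first, then the whole command (the reply's suggestion).
$inner_cmd = "insert into testing_table values(" . sql_quote($name) . ")";
echo "stored, two pass : " . stored_value(sql_quote($inner_cmd)) . "\n";
```

In current PHP, bound parameters (PDO or mysqli prepared statements) remove the need for the outer escaping pass; the inner pass is still what keeps the stored statement text well-formed.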