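Whoops...helps if I write it legally.

// the replacement string takes no regex delimiters; "\\'" inserts \'
$dbStr = preg_replace("/'/", "\\'", $dbStr);

// MySQL alternative: double the single quote
$dbStr = preg_replace("/'/", "''", $dbStr);
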
M

On Wed, 27 Feb 2002, Matt Drake wrote:

> I don't see why addslashes wouldn't work, but why not roll your own?
>
> $dbStr = preg_replace("/'/", "/\\'/");
>
> I believe that, in MySQL, you can also double-up single quotes to escape
> them:
>
> $dbStr = preg_replace("/'/", "/''/");
>
> HTH
> Matt
>
> On Wed, 27 Feb 2002, Tim Thorburn wrote:
>
> > Hi,
> >
> > I've sent a few emails thus far regarding adding apostrophes through a PHP
> > script form into a MySQL database. The responses I received indicated to
> > me that I needed to get my hosting company to activate magic_quotes_gpc.
> >
> > After several days of talking with what seems to be the sole tech support
> > person left at my hosting company - I was told that the magic_quotes_gpc
> > variable is not supported by them.
> >
> > Sooo ... this leaves me in a rather awkward situation. I need to have a
> > basic content management system up and running in the extremely near future
> > that will be utilized by a great number of individuals. If when an
> > apostrophe is entered - all the information entered through the form is
> > rejected by the database - the entire endeavour suddenly becomes rather
> > useless.
> >
> > I know that if I enter a \ before any apostrophes in the form, it all
> > works well ... but I highly doubt that the large number of volunteers
> > we're going to be working with here will take the time to add them, or even
> > remember 5 minutes after I tell them.
> >
> > Does anyone have any possible solutions for this problem? I'll include the
> > portion of code that seems to be causing the problems now ...
> >
> > I'm already using the addslashes() command and it is not working ... I'm
> > desperate at this point ...
> >
> > Again, the following works flawlessly on my local test machine running
> > Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web
> > host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32
> >
> > Thanks in advance,
> > -Tim
> >
> >
> > <?php
> > $db = mysql_connect("localhost", "xxxx", "xxxx");
> > mysql_select_db("edoinfo",$db);
> >
> > if ($submit) {
> >     // here if no ID then adding else we're editing
> >     if ($id) {
> >         $sql = "UPDATE ai_data SET
> >         section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW()
> >         WHERE id=$id";
> >     } else {
> >         $sql = "INSERT INTO ai_data
> >         (section,subsection,heading,title,info,entry) VALUES
> >         ('$section','$subsection','$heading','$title','$info',NOW())";
> >     }
> >     // run SQL against the DB
> >     $result = mysql_query($sql);
> >     echo "Record updated/edited!<p>";
> >     echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";
> >
> > } elseif ($delete) {
> >     // delete a record
> >     $sql = "DELETE FROM ai_data WHERE id=$id";
> >
> >     $result = mysql_query($sql);
> >
> >     echo "$sql Record deleted!<p>";
> >     echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";
> >
> > } else {
> >     // this part happens if we don't press submit
> >     if (!$id) {
> >         // print the list if there is not editing
> >         $result = mysql_query("SELECT * FROM ai_data",$db);
> >         while ($myrow = mysql_fetch_array($result)) {
> >             printf("<a href=\"%s?id=%s\" class='comcal'>%s</a> \n", $PHP_SELF,
> >                 $myrow["id"], $myrow["title"]);
> >
> >             printf("<a href=\"%s?id=%s&delete=yes\" class='comcal'>(DELETE)</a><br>",
> >                 $PHP_SELF, $myrow["id"]);
> >         }
> >     }
> >
> > ?>
> > <p> <a href="<?php echo $PHP_SELF?>" class="comcal">ADD A RECORD</a>
> > <p> <form method="post" action="<?php echo $PHP_SELF?>">
> > <?php
> >     if ($id) {
> >         // editing so select a record
> >         $sql = "SELECT * FROM ai_data WHERE id=$id";
> >         $result = mysql_query($sql);
> >         $myrow = mysql_fetch_array($result);
> >
> >         $id = $myrow["id"];
> >         $section = $myrow["section"];
> >         $subsection = $myrow["subsection"];
> >         $heading = $myrow["heading"];
> >         $title = addslashes($myrow["title"]);
> >         $info = addslashes($myrow["info"]);
> >         $entry = $myrow["entry"];
> >
> >         // print the id for editing
> > ?>
> > <input type=hidden name="id" value="<?php echo $id ?>">
> > <?php
> >     }
> > ?>
> > </td>
> > <td align="left" valign="top">Section<font size="1"></font>:</td>
> > <td align="left" valign="top">
> >   <input type="text" name="section" value="<?php echo $section ?>"
> >   size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">Sub-Section: </td>
> > <td align="left" valign="top">
> >   <input type="text" name="subsection" value="<?php echo $subsection
> >   ?>" size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">Heading Graphic: </td>
> > <td align="left" valign="top">
> >   <input type="text" name="heading" value="<?php echo $heading ?>"
> >   size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">Section Title: </td>
> > <td align="left" valign="top">
> >   <input type="text" name="title" value="<?php echo $title ?>"
> >   size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top" colspan="2"> </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">Document Information: </td>
> > <td align="left" valign="top">
> >   <textarea cols="35" name="info" rows="5" <?php
> >   include('../../../scripts/forms.css'); ?>><?php echo $info ?></textarea>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top"> </td>
> > <td align="left" valign="top"> </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">Event Entry: </td>
> > <td align="left" valign="top">
> >   <?php echo $entry ?>
> > </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top"> </td>
> > <td align="left" valign="top"> </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top">
> >   <input type="Submit" name="submit" value="Enter information"
> >   border=0 alt="Enter Information" style="background-color: 000000;
> >   font-size: 14; color: cccccc;">
> > </td>
> > <td align="left" valign="top"> </td>
> > </tr>
> > <tr>
> > <td align="left" valign="top"> </td>
> > <td align="left" valign="top"> </td>
> > </tr>
> > </table>
> > </form>
> >
> > <?php
> > }
> > ?>
> >
> >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit: http://www.php.net/unsub.php
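
An added example, not part of the original thread and not code from either poster: the same ai_data insert, update and delete written with bound parameters, so an apostrophe in a form field is data rather than SQL text, plus HTML escaping when a stored value is echoed back into the form. Assumptions: PDO with the pdo_sqlite driver (PDO needs PHP 5.1 or later, so this does not apply to the PHP 3.0.16 host in the thread), an in-memory SQLite table standing in for MySQL with CURRENT_TIMESTAMP in place of NOW(), and hypothetical helper names save_record and delete_record.

```php
<?php
// Added example: parameterized version of the ai_data queries from the thread.
// Assumption: an in-memory SQLite database stands in for MySQL so this runs offline;
// the table layout is inferred from the column names in the posted code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ai_data (
    id INTEGER PRIMARY KEY, section TEXT, subsection TEXT,
    heading TEXT, title TEXT, info TEXT, entry TEXT)');

// Insert or update one record; values travel as bound parameters, never as SQL text.
function save_record(PDO $db, array $f, $id = null) {
    $cols = ['section', 'subsection', 'heading', 'title', 'info'];
    $vals = [];
    foreach ($cols as $c) {
        $vals[":$c"] = isset($f[$c]) ? (string)$f[$c] : '';
    }
    if ($id !== null) {
        $sql = 'UPDATE ai_data SET section=:section, subsection=:subsection,
                heading=:heading, title=:title, info=:info,
                entry=CURRENT_TIMESTAMP WHERE id=:id';
        $vals[':id'] = (int)$id;   // id is numeric in the schema: coerce it
        $db->prepare($sql)->execute($vals);
        return (int)$id;
    }
    $sql = 'INSERT INTO ai_data (section, subsection, heading, title, info, entry)
            VALUES (:section, :subsection, :heading, :title, :info, CURRENT_TIMESTAMP)';
    $db->prepare($sql)->execute($vals);
    return (int)$db->lastInsertId();
}

// Delete by id; returns the number of rows removed.
function delete_record(PDO $db, $id) {
    $st = $db->prepare('DELETE FROM ai_data WHERE id = :id');
    $st->execute([':id' => (int)$id]);
    return $st->rowCount();
}

// Constructed sample input: the kind of text that broke the original INSERT.
$id = save_record($db, ['section' => 'News', 'title' => "Volunteers' guide",
                        'info' => "It's O'Brien's \"draft\""]);
save_record($db, ['section' => 'News', 'title' => "Tim's update", 'info' => "can't"], $id);

$row = $db->query('SELECT * FROM ai_data')->fetch(PDO::FETCH_ASSOC);
// When echoing a stored value back into the form, escape for HTML, not for SQL.
printf("<input type=\"text\" name=\"title\" value=\"%s\">\n",
       htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'));
echo delete_record($db, $id), " row(s) deleted\n";
```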