Erm.. isn't the addslashes() just needed to protect the SQL query?

IMO the data in the db will not have any slashes embedded in normal
circumstances, so there is no reason to stripslashes() any data coming from
a database column...

Rich
-----Original Message-----
From: Dash McElroy [mailto:dash.php@;westonefcu.org]
Sent: 08 November 2002 16:53
To: 'Zeus'; [EMAIL PROTECTED]
Subject: RE: [PHP-WIN] mysql_fetch_array problem


Zeus,

2 notes:

1. Data you insert into a database should be addslashes($varname) first (or
another encoding) to protect against MySQL injection vulnerabilities. A nice
stripslashes($varname) on the way out gets rid of the slashes. You could
also use urlencode($varname) and urldecode($varname). Helpful for storing
URLs.

2. mysql_fetch_array
(http://www.php.net/manual/en/function.mysql-fetch-array.php) is nowhere to
be found in your code. You're using mysql_fetch_field...

Either way, this is what I do:

$result = mysql_query("SELECT * FROM shoutbox ORDER BY ID desc LIMIT 5");

// mysql_query() returns false on a failed query, so test that before counting rows
if (!$result) {
        echo "Invalid Query. MySQL error: ".mysql_error();
}
elseif (($count = mysql_num_rows($result)) > 0) {
        // fetch each row as an array keyed by column name
        for ($i=0;$i<$count;$i++) {
                $row = mysql_fetch_array($result);
                echo $row['time'] ."<br />".$row['name']."<br />".$row['message']."<br />\n";
        }
}
else {
        echo "No results returned";
}

Please note - this code is off the top of my head, I have not actually tried
it :)

-Dash

-----Original Message-----
From: Zeus [mailto:zeus_dreamer@;myrealbox.com]
Sent: Saturday, November 09, 2002 4:29 AM
To: [EMAIL PROTECTED]
Subject: [PHP-WIN] mysql_fetch_array problem


I am trying to display a MySQL database using fetch_array but there seems to
be a problem; I'm new to PHP and MySQL.
I'm not quite sure what's wrong with my code. I haven't included the form
yet.

the error messages:
 Warning: mysql_fetch_field(): supplied argument is not a valid MySQL result
resource in c:\apache\htdocs\zeus\shoutbox.php on line 17


code in shoutbox.php:

<?PHP

mysql_connect('localhost', 'zeus', 'pass') or die ("deadconnect");
mysql_select_db('zeussama_db') or die ("no db");

if($submit)
{
 $time=date("h:ia d/j/y");
 $result=mysql_query("INSERT INTO shoutbox (id,name,message,time)","values
('NULL','$name','$message','$time')");
 }
?>


<?php
$result = mysql_query("SELECT * FROM shoutbox BY ID desc LIMIT 5");
while($r=mysql_fetch_field($result))
{
 $time=$r["time"];
 $id=$r["id"];
 $message=$r["message"];
 $name=$r["name"];

 echo "$time <br>";
 echo "$name <br>";
 echo "$message <br>";
}
?>

================================
:.zeus:.
http://www.redrival.com/zeussama


--
PHP Windows Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
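
The escaping question raised in this thread, as an added example that is not part of the original messages: values bound through placeholders are stored unchanged, so calling stripslashes() on the way out only damages data that contains real backslashes, and the escaping that matters on output is HTML escaping. It assumes PHP with the pdo_sqlite extension, uses an in-memory SQLite table as a stand-in for the MySQL shoutbox table, and the name and message values are constructed samples.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shoutbox
           (id INTEGER PRIMARY KEY, name TEXT, message TEXT, time TEXT)');

// Constructed sample input: a quote, a path with backslashes, and markup.
$name    = "O'Brien";
$message = 'Saved to C:\temp\new.txt <b>done</b>';

// What addslashes() produces. This form belongs only inside SQL query text;
// the server's parser consumes the backslash, so it never reaches the column.
echo "addslashes(name):  ", addslashes($name), "\n";

// Way in: placeholders keep the values out of the SQL text altogether,
// so nothing has to be escaped and nothing is altered before storage.
$ins = $db->prepare('INSERT INTO shoutbox (name, message, time) VALUES (?, ?, ?)');
$ins->execute([$name, $message, date('h:ia d/j/y')]);

$rows = $db->query('SELECT * FROM shoutbox ORDER BY id DESC LIMIT 5')
           ->fetchAll(PDO::FETCH_ASSOC);

foreach ($rows as $row) {
    // The column holds exactly what was submitted: no slashes were added.
    echo "name unchanged:    ", var_export($row['name'] === $name, true), "\n";
    echo "message unchanged: ", var_export($row['message'] === $message, true), "\n";

    // stripslashes() on the way out removes backslashes that are real data.
    echo "after stripslashes: ", stripslashes($row['message']), "\n";

    // Way out: escape for the context being written to (HTML here), so a
    // stored <b> or <script> is shown as text instead of being rendered.
    echo htmlspecialchars($row['time'], ENT_QUOTES, 'UTF-8'), "<br />",
         htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "<br />",
         htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8'), "<br />\n";
}
```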
