On Wed, August 1, 2007 3:27 pm, Jay Blanchard wrote:
> [snip]
>
> $first = "'".addslashes($_POST['firstname'])."'";
> $last = "'".addslashes($_POST['lastname'])."'";
> $email = "'".addslashes($_POST['email'])."'";
> $address = "'".addslashes($_POST['address'])."'";
> $city
CK wrote:
Hi,
Engaged in "cleanup" project, attempting to understand the uncommented
decisions of predecessors. Inserting the following contact form values
into a DB:
$first = "'".addslashes($_POST['firstname'])."'";
$last = "'".addslashes($_POST['lastname'])."'";
$email = "'"
On Wed, 2007-08-01 at 13:20 -0700, CK wrote:
> Hi,
>
> Engaged in "cleanup" project, attempting to understand the
> uncommented decisions of predecessors. Inserting the following
> contact form values into a DB:
>
>
> $first = "'".addslashes($_POST['firstname'])."'";
> $last = "'
[snip]
$first = "'".addslashes($_POST['firstname'])."'";
$last = "'".addslashes($_POST['lastname'])."'";
$email = "'".addslashes($_POST['email'])."'";
$address = "'".addslashes($_POST['address'])."'";
$city = "'".addslashes($_POST['city'])."'";
$state = "'".addslashes
On Wed, Mar 29, 2006 at 05:32:25PM -0600, Chris Boget wrote:
> I totally blew past that part with the sybase because we aren't using
> sybase. I guess I should have paid more attention. I'm curious why that
> directive affects general PHP code and not just the sybase functions.
This is why mag
directive affects general PHP code and not just the
sybase functions.
Oh, well.
Thanks for the heads up.
thnx,
Chris
- Original Message - From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>
To: "Chris Boget" <[EMAIL PROTECTED]>
Cc: "PHP General&
al Message -
From: "Jasper Bryant-Greene" <[EMAIL PROTECTED]>
To: "Chris Boget" <[EMAIL PROTECTED]>
Cc: "PHP General"
Sent: Wednesday, March 29, 2006 5:29 PM
Subject: Re: [PHP] addslashes()
From http://php.net/addslashes :
"Having the PHP directi
From http://php.net/addslashes :
"Having the PHP directive magic_quotes_sybase set to on will mean ' is
instead escaped with another '."
Jasper
Chris Boget wrote:
Can someone explain something to me:
$string = "Bob's carwash's door";
echo 'addslashes(): ' . addslashes( $string ) . '
JM wrote:
Hi all,
Ok here is what I need help with:
$var = "i like fi'sh";
I'm able to addslashes(gather the data from a form), submit into the
database, stripslashes(retrieve it).
My problem is when I display it in a input type=text form the single
quote is causing a truncation.
will disp
JM wrote:
> Hi all,
> Ok here is what I need help with:
>
> $var = "i like fi'sh";
>
> I'm able to addslashes(gather the data from a form), submit into the
> database, stripslashes(retrieve it).
>
> My problem is when I display it in a input type=text form the single
> quote is causing a truncat
Chris Shiflett wrote:
--- Jough P <[EMAIL PROTECTED]> wrote:
My goal is to never have to use the addslashes() function. Any
suggestions?
There's probably nothing you can do about your Web host, but you can use
the fix_magic_quotes() function listed here:
http://phundamentals.nyphp.org/PH_storingr
--- Jough P <[EMAIL PROTECTED]> wrote:
> My goal is to never have to use the addslashes() function. Any
> suggestions?
There's probably nothing you can do about your Web host, but you can use
the fix_magic_quotes() function listed here:
http://phundamentals.nyphp.org/PH_storingretrieving.php
Ho
John W. Holmes wrote:
From: "Hardik Doshi" <[EMAIL PROTECTED]>
Currently i am using PEAR DB abstration layer. Which
function should i use to escape the ' character? There
are couple of functions in the PEAR DB documentation
so i don't know which one should i use.
I don't use PEAR DB, but it loo
From: "Hardik Doshi" <[EMAIL PROTECTED]>
> Currently i am using PEAR DB abstration layer. Which
> function should i use to escape the ' character? There
> are couple of functions in the PEAR DB documentation
> so i don't know which one should i use.
I don't use PEAR DB, but it looks like quoteSmar
Thank you John.
Currently i am using PEAR DB abstration layer. Which
function should i use to escape the ' character? There
are couple of functions in the PEAR DB documentation
so i don't know which one should i use.
Hardik
--- "John W. Holmes" <[EMAIL PROTECTED]> wrote:
> Richard Davey wrote:
Richard Davey wrote:
Does mysql_real_escape_string (or mysql_escape_string) do anything
extra that addslashes() doesn't? In the examples in the manual it is
just used to escape the ' character, but that is exactly what
addslashes() will do anyway.
real_escape_string() takes the current character s
On 28 January 2004 12:31, Will wrote:
> I'm a little confused with these functions. How I here you
> ask. Well I thought I understood what they were for:
> Escaping characters that might cause a problem when you enter
> your data into a database query. i.e. \ ' "
>
> Anyway what is confusing me i
Hello Will,
On 28 Jan 2004 at 12:31, Will wrote:
> However recently I encrypted some data which I stored in the database.
> The string contained a \ which I added slashes to when entered in to
> the database. But as the database appears to strips the first slash
> off the double slash automatical
Will wrote:
I'm a little confused with these functions. How I here you ask. Well I
thought I understood what they were for:
Escaping characters that might cause a problem when you enter your data
into a database query. i.e. \ ' "
Anyway what is confusing me is, say I have a string which contai
Hello João,
On 15 Jan 2004 at 17:07, João Cândido de Souza Neto wrote:
> I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
> mysql data to send to javascript variable.
>
> Running in my machine with win xp + iis it's all ok, but in server with
> linux + apache, the javascri
Send us the resulting javascript code.
João Cândido de Souza Neto wrote:
Hello to all.
I'm using str_replace("\r\n","\\r\\n",addslashes($campo)) to add "\" in
mysql data to send to javascript variable.
Running in my machine with win xp + iis it's all ok, but in server with
linux + apache, the jav
On Monday 12 January 2004 13:25, Ryan A wrote:
> > addslashes() _enables_ you to enter stuff which contains
> >quotes into the DB properly, but the slashes are obviously not part of the
> >data and hence not stored.
>
> *
> but the whole sql statement is part of the data right? I mean I am saving
Hi,
Thanks for replying.
*
> addslashes() _enables_ you to enter stuff which contains
>quotes into the DB properly, but the slashes are obviously not part of the
>data and hence not stored.
*
but the whole sql statement is part of the data right? I mean I am saving
the whole
sql statement for late
On Monday 12 January 2004 12:31, Ryan A wrote:
> I am getting some input from a client in a text area, the input is an sql
> statement, so I am using addslashes but the damn thing is not working...any
> idea why?
>
> Heres my code:
>
> if(isset($_POST['the_sql_command']))
> {
> $the_sql_command=
From: "Cesar Cordovez" <[EMAIL PROTECTED]>
> Is it just me or addslahes truncates the result to 65535 chars? Any
> comments? Or can it be that a blob field in a MySQL database is just
> 65535 chars, I don't think so...
Think again...
BLOB, TEXT L+2 bytes, where L < 2^16
MEDIUMB
Hi.
Turns out that addslashes is not guilty of truncating it's result.
Marek is right here. Changed the type of the field from BLOB to
LONGBLOB and everything works great!
Thanks!
Marek Kilimajer wrote:
Cesar Cordovez wrote:
HI!
Is it just me or addslahes truncates the result to 65535 chars
Cesar Cordovez wrote:
HI!
Is it just me or addslahes truncates the result to 65535 chars? Any
comments? Or can it be that a blob field in a MySQL database is just
65535 chars, I don't think so...
Cesar.
BLOB is just 65535 chars. Use MEDIUMBLOB (2^24 bytes) or LONGBLOB (2^32
bytes). Also tex
I think always using addslashes is better because you have to write
clean cide instead of trusting in a funktion which can be disabled on
some servers.
To avoid double-escaping I use this code:
function stripslashes_array($array) {
reset($array);
while(list($key,$val)=each($array)) {
if(is_
If you are doing both addslashes() and have magic_quotes_gpc turned on,
then yes, you are double-escaping things.
>From a performance-perspective I doubt you could measure much difference,
but I suppose doing it through magic_quotes_gpc would be faster assuming
you need to escape all your GPC d
Brad Pauly wrote:
CF High wrote:
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed;
Result: I\\\'ve got an apostrophe.
What's up with that -- why not just add a single backslash?
Do you have gpc_magic_
CF High wrote:
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed;
Result: I\\\'ve got an apostrophe.
What's up with that -- why not just add a single backslash?
Do you have gpc_magic_quotes enabled?
- Br
WFM.
Is $apostrophe from a REQUEST variable. Then it already is addslashed,
as your magic_quotes_gpc is on in php.ini.
CF High wrote:
Hey All.
Simple ?
why does PHP add 3 slashes to the following var:
$apostrophe = "I've got an apostrophe";
$slashed = addslashes($apostrophe);
echo $slashed
well Allen' <[EMAIL PROTECTED]>
> Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: [PHP] Addslashes problem (MSSQL)
>
>
> What do you mean by "It escapes single quotes with single quotes."?
>
> so let's say my $co
Kelvin,
This link should be helpful:
http://www.mysql.com/doc/en/String_syntax.html
Regards,
Michael Egan
-Original Message-
From: Poon, Kelvin (Infomart) [mailto:[EMAIL PROTECTED]
Sent: 20 March 2003 16:21
To: 'Lowell Allen'
Cc: [EMAIL PROTECTED]
Subject: RE: [PHP] Addslash
IL PROTECTED]
Sent: Thursday, March 20, 2003 11:20 AM
To: PHP
Subject: Re: [PHP] Addslashes problem (MSSQL)
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
> From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]>
>
MS-SQL doesn't escape with slashes. It escapes single quotes with single
quotes.
--
Lowell Allen
> From: "Poon, Kelvin (Infomart)" <[EMAIL PROTECTED]>
> Date: Thu, 20 Mar 2003 10:58:02 -0500
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: [PHP] Addslashes problem (MSSQL)
>
> Hi,
>
>
why not try it and let us know.
--- Jean-Christian Imbeault <[EMAIL PROTECTED]>
wrote:
> Is addslashes() multi-byte safe?
>
> I will bu sing it to escape multi-byte input and
> wouldn't want it to
> mangle anything...
>
> Thanks,
>
> Jc
>
>
> --
> PHP General Mailing List (http://www.php.net
thanks guys, got it working now. Removed Addslashes and it works fine.
1lt John W. Holmes wrote:
>> I am trying to develop a search for my database.
>>
>> I used addslashes when entering the data, and then use addslashes with
>> the search but nothing comes up:
>>
>> Select * from tblContacts,
> I am trying to develop a search for my database.
>
> I used addslashes when entering the data, and then use addslashes with the
> search but nothing comes up:
>
> Select * from tblContacts, tblCountries WHERE
> (tblContacts.CountryCode=tblCountries.CountryID) AND (Organization LIKE
> '%o\'mallies
what happens when you type:
Select * from tblContacts, tblCountries WHERE
(tblContacts.CountryCode=tblCountries.CountryID) AND (Organization LIKE
'%o\'mallies%' )
at the mysql command line?
- Original Message -
From: "Paul Dionne" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesda
Don't know which database you're using but in Oracle you would use:
Select * from tblContacts, tblCountries WHERE
(tblContacts.CountryCode=tblCountries.CountryID) AND (Organization LIKE
'%o''mallies%' )
Escape(\) is only used in PHP syntax, not SQL.
Regards
-Original Message-
From: P
No, nothing has changed in recent memory with respect to this.
On Wed, 2 Oct 2002, Anil Garg wrote:
> Hi,
>
> Is it so that in php 4.2.3 we have to do both..."addslashes" and
> "removeslashes" ?? coz in one of the older versions the things are goin fine
> without using "removeslashes" but it do
on 01/09/02 10:23 PM, cLeAnEr ([EMAIL PROTECTED]) wrote:
> Hi.
> I have recently started prograemming some php. Now I wonder exactly what
> addslashes() is good for...
> I´ve read about it that it insert slashes where needed to get data in right
> form to Mysql? and then use stripeslashes() to re
> -Original Message-
> From: ed [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 14, 2002 1:48 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] addslashes() and stripslashes()
>
>
> Is it a good idea to always use addslashes() on a
> value gathered from a text field or textarea?
Yes, a
On Saturday 22 June 2002 07:42, Chris Shiflett wrote:
> PHP is probably escaping the single quotes for you:
>
> it's -> it\'s
>
> When addslashes() is applied to this, both the backslash character and
> the single quote are escaped:
>
> \ -> \\
> ' -> \'
>
> The result is what you see:
>
> it\'s -
PHP is probably escaping the single quotes for you:
it's -> it\'s
When addslashes() is applied to this, both the backslash character and
the single quote are escaped:
\ -> \\
' -> \'
The result is what you see:
it\'s -> it\\\'s
If you strip slashes twice, you'll be back to normal.
Chris
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
* and then OMAR IGNACIO CAMPOS GALAN declared
> When I use addslashes to add a back slash to a single quote, it returns 3
> back slashes (example: 'it\\\'s'. Is that correct? Am I doing something
> wrong?
You're doing something wrong ;-)
I'll be
Can you put things in standard quotes? "'Aimburu"
> -Original Message-
> From: andy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 11, 2002 12:44 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [PHP] addslashes for db search?
>
>
> Hi there,
>
> I have some db records star
At 10:43 AM 1/18/2002 -0600, Gonzalez, Zara E wrote:
>Now I am using MSSQL via freetds and since the commands for MSSQL and
>Sybase are
>basically identical as far as php is concerned, I am assuming that I have
>to use
>the "sybase method" to escape quotes. However, I can't seem to figure out
>
--On Monday, November 26, 2001 04:47:35 PM -0800 Scott Aikin
<[EMAIL PROTECTED]> wrote:
> I've come across a strange problem working backwards with stripslashes
> after running addslashes. I take a string like:
>
> "\t\4"
>
> and run it through addslashes, the result is:
>
> \\t\\4
>
> After gr
76 808300
>
>
>
> >From: Rasmus Lerdorf <[EMAIL PROTECTED]>
> >To: Caleb Carvalho <[EMAIL PROTECTED]>
> >CC: <[EMAIL PROTECTED]>
> >Subject: Re: [PHP] addslashes q's
> >Date: Wed, 3 Oct 2001 09:15:49 -0700 (PDT)
> >
> > > after e
-
Mercury Interactive
410 Frimley Business Park
Frimley, Surrey. GU16 7ST
United Kingdom
Telephone : +44 (0)1276 808300
>From: Rasmus Lerdorf <[EMAIL PROTECTED]>
>To: Caleb Carvalho <[EMAIL PROTECTED]>
>CC: <[EMAIL PROTECTED]>
>Sub
> after enabling magic quotes with sybase,
> now, i don't even need to addslashes..
> the only problem is that is adding " quote when i say won't it adds won''t
>
> does any one know why?
Because that is how a ' is supposed to be escaped in Sybase.
-Rasmus
--
PHP General Mailing List (http://
maybe i don't undestand correctly but try:
$string = str_replace("","\\n",$string);
i.e escape the escape character \\n
- Original Message -
From: "Chad Day" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, July 06, 2001 4:38 PM
Subject: [PHP] addslashes problem ..
> I have t
Jeff, here's what I do:
1. set magic_quotes_gpc On in php.ini
* this will automatically quote all GET, POST, and COOKIE
variables - read up on magic_quotes_gpc.
2. at the top of each script, stripslashes all the COOKIE, GET,
and POST variables, since they will have been
This seems to be more of a HTML problem.
Form fields simply can´t print out ". You need to change the " to " in
order for it to appear.
This can be done using the function htmlspecialchars():
http://www.php.net/manual/en/function.htmlspecialchars.php
In your case:
">
You can test these two thing
This is the source of your problems.
Use HTMLEntities() or URLEncode() or something before you try to put your
string in that.
--
Visit the Zend Store at http://www.zend.com/store/
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.
57 matches
Mail list logo
