leegold wrote:

On Sat, 9 Oct 2004 22:31:07 -0500, "Paul DuBois" <[EMAIL PROTECTED]> said:

At 23:18 -0400 10/9/04, leegold wrote:

Seems like mysql_real_escape_string function is not working?
  mysql  Ver 14.5 Distrib 4.1.3a-beta, for Win95/Win98 (i32)

<?php
$originalstring = "Apostrophe's rock";
echo $originalstring, "<br>";
echo addslashes( $originalstring ), "<br>";
echo mysql_escape_string( $originalstring ), "<br>";
echo mysql_real_escape_string( $originalstring ), "<br>";
?>

Shows up in my browser as:

Apostrophe's rock
Apostrophe\'s rock
Apostrophe\'s rock

In what way do you believe this to be incorrect?


The apostrophe is not escaped (no slash added) in my db when I do a
select and look in a field when using mysql_real_escape_string. I was
originally asking about apostrophes not being escaped by
mysql_real_escape_string on my system. But now I see that the echo'd

You've misunderstood the purpose of the backslash escape. Consider the following:


  INSERT INTO yourtable VALUES (1, 'Apostrophe's rock');

Do you see the problem? The string to be inserted is delimited by single quotes (apostrophes), but it also contains a single quote. In other words, mysql sees

  INSERT INTO yourtable VALUES (1, 'Apostrophe'
  s rock');

(newline added for emphasis). The string ends after the 'e' in apostrophe, then there are some garbage characters. That is, you'll get a syntax error.

The solution is to tell mysql that the single quote in the middle of the string is to be taken as a literal character in the string, rather than the end of string delimiter. You do that by escaping the single quote with a preceding backslash. Thus, you would

  INSERT INTO yourtable VALUES (1, 'Apostrophe\'s rock');

The backslash doesn't go in the table. It's not supposed to. Instead, the table contains the original string.

mysql_real_escape_string statement does *not* even show up in the php
page in my example while the other escape function statements echo'd do
show up. I am confused! Are you saying all of this is correct? Why?

Apparently, one of the last three echo statements did nothing, but we cannot tell which, as they all should produce identical output. In any case, if the string is being successfully inserted in the db, then your code was working. It seems clear the problem here is something else.


Thanks,
Lee

Michael
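
The point made in the reply above, as an added example that is not part of the original thread: a simplified Python model of how MySQL reads a single-quoted literal (default mode, backslash escapes enabled), run over the thread's INSERT with and without escaping. The function names `escape`, `read_literal` and `stored_value` are hypothetical, and only a subset of MySQL's escape sequences is modelled.

```python
# Added example: simplified model of MySQL single-quoted literals
# (default sql_mode, backslash escapes on). Function names are hypothetical.

# Characters mysql_real_escape_string() prefixes with a backslash.
ESCAPES = {"\0": "\\0", "\n": "\\n", "\r": "\\r", "\\": "\\\\",
           "'": "\\'", '"': '\\"', "\x1a": "\\Z"}
# How the parser decodes a backslash sequence inside a literal (subset).
DECODES = {"0": "\0", "n": "\n", "r": "\r", "t": "\t", "b": "\b", "Z": "\x1a"}


def escape(value):
    """Make value safe to place between single quotes in a statement."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def read_literal(sql, start):
    """Scan the quoted literal opening at sql[start]; return (value, rest)."""
    if sql[start] != "'":
        raise ValueError("literal must open with a single quote")
    out, i = [], start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and i + 1 < len(sql):
            nxt = sql[i + 1]
            out.append(DECODES.get(nxt, nxt))  # \' becomes ', \\ becomes \
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")                    # doubled quote is one quote
            i += 2
        elif ch == "'":
            return "".join(out), sql[i + 1:]   # closing delimiter
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


def stored_value(raw, do_escape):
    """Build the thread's INSERT; return what the parser takes as the string."""
    text = escape(raw) if do_escape else raw
    sql = "INSERT INTO yourtable VALUES (1, '" + text + "');"
    return read_literal(sql, sql.index("'"))


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, stored_value("Apostrophe's rock", flag))
```

Without escaping, the literal ends after `Apostrophe` and the leftover text is what produces the syntax error; with escaping, the parsed value is the original string and contains no backslash.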

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql