> > battling this problem on several forums and mailing lists, I got confused:
> > when store string that contains quotations (ie afan's "php" shop) in mysql
> > does it have to be stored with backslashes (afan\'s \"php\" shop) or just
> > the way it is? my login's telling me the way it is. am I wrong?
>
> Yes, MySQL stores it that way for a specific reason.  That is strings are
> generally input in the form:
>
> INSERT INTO table (blah) VALUES('blah');
>
> That said, if you didn't have the slash escape, you'd have something like:
>
> INSERT INTO table (blah) VALUES('I'm blah);
>
> Which MySQL would choke on, not knowing what to do with m blah.  Also, this
> is done to prevent SQL injection, like:
>
> INSERT INTO table (blah) VALUES('[bl' ; DELETE FROM table; SELECT('ah]');
>
> where [] is what the user inputs.  Now when displaying, you'll have to
> unescape the slashes generally.  Unfortunately I can't remember in PHP if
> that's because of magic quotes or just the way the db has it stored.  My gut
> instinct is the former.


No no no no.  If you have to unescape your data before you display it,
then you escaped it too many times.

If you have the following query:

INSERT INTO myTable VALUES ('I\'m Happy');

MySQL does NOT store this value as 

I\'m Happy

it is stored as 

I'm Happy

The escape character is needed so that the interpreter that reads your
SQL commands can understand the query.  MySQL does not choke on
apostrophes or quotes.  It has no problem with them.  They're just
characters.  The interpreter needs to know the difference between a
string-defining quote and a quote that is part of the data.  Hence the
escape characters.  Just as if you have the following PHP code:

<?php
echo 'I\'m Happy';
?>

PHP does not print out

I\'m Happy

it prints out

I'm Happy

The problem is indeed caused by magic quotes.  Magic quotes
automagically escapes data for you.  When you escape your escaped data
with addslashes or the like, you're escaping your escape characters as
well.  



kgt

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
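
The point made in the reply above, as an added example that is not part of the original thread: the SQL parser consumes one level of escaping, so a value escaped once is stored clean and a value escaped twice is stored with backslashes in it. mysql_literal_value() is a hypothetical helper written for this illustration (default sql_mode assumed), and the input string is a constructed sample.

```php
<?php
// Added example. mysql_literal_value() is a hypothetical helper that decodes a
// single-quoted literal the way MySQL's SQL parser does in its default mode.
function mysql_literal_value(string $literal): string
{
    if (strlen($literal) < 2 || $literal[0] !== "'" || substr($literal, -1) !== "'") {
        throw new InvalidArgumentException('not a single-quoted literal');
    }
    $body = substr($literal, 1, -1);
    $ctrl = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t", 'b' => "\x08", 'Z' => "\x1a"];
    $out  = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        $c = $body[$i];
        if ($c === '\\') {
            if (++$i >= $n) {
                throw new InvalidArgumentException('backslash escapes the closing quote');
            }
            $next = $body[$i];
            // \% and \_ keep their backslash; \' -> '   \" -> "   \\ -> \
            $out .= ($next === '%' || $next === '_') ? '\\' . $next : ($ctrl[$next] ?? $next);
        } elseif ($c === "'") {
            if ($i + 1 < $n && $body[$i + 1] === "'") {
                $out .= "'";               // '' is one quote character
                $i++;
            } else {
                throw new InvalidArgumentException("literal ends early at offset $i");
            }
        } else {
            $out .= $c;
        }
    }
    return $out;
}
$typed = 'afan\'s "php" shop';   // constructed sample: what the user typed
$cases = [
    'not escaped'   => $typed,
    'escaped once'  => addslashes($typed),              // magic quotes OR addslashes
    'escaped twice' => addslashes(addslashes($typed)),  // magic quotes AND addslashes
];
foreach ($cases as $label => $value) {
    $literal = "'" . $value . "'";
    try {
        $stored = mysql_literal_value($literal);
    } catch (InvalidArgumentException $e) {
        $stored = 'PARSE ERROR: ' . $e->getMessage();
    }
    echo "$label\n  literal: $literal\n  stored : $stored\n";
}
```

Only the "escaped twice" case leaves backslashes in the stored value, which is the symptom that tempts people to strip slashes on output. Magic quotes were removed in PHP 5.4, so on current PHP the first level of escaping no longer happens automatically.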
