What I am saying is that you have to store the
slashes in your database. If you did not have the
slashes then your database insert would be screwed
up.
For example this would work fine if the variable
$fullname was "Michael Dell" but it would not work
if you had "Michael O'Dell". Why not? Look what
happens to the sql statement if you don't escape
the ' or " with a slash:
INSERT INTO maztov (fullname, email, address)
VALUES ('$fullname', '$email',
'$address')
INSERT INTO maztov (fullname, email, address)
VALUES ('Michael O'Dell',
'[EMAIL PROTECTED]', '123 Street')
You see the extra ' in the sql statement? So let
magic quotes insert the slashes when inputing text
but when you want to display it again then you
have to stripslashes.
-----Original Message-----
From: Lisi [mailto:[EMAIL PROTECTED]]
Sent: May 20, 2002 5:47 AM
To: SP; [EMAIL PROTECTED]
Subject: RE: [PHP-DB] stripSlashes function
The slashes are being added by the MagicQuotes
feature in PHP (I think)
when the form is submitted, and the slashes are
being put into the database
but I don't want them there. When I echo the
query it does have the
slashes, and when I echo it after applying
stripslashes they are gone, but
then my query is not being executed.
At 04:33 AM 5/20/02 -0400, SP wrote:
>You need to add slashes when putting data into
>your database. When you want to display the data
>from your database, that's when you strip the
>slashes.
>
>
>
>-----Original Message-----
>From: Lisi [mailto:[EMAIL PROTECTED]]
>Sent: May 20, 2002 5:33 AM
>To: [EMAIL PROTECTED]
>Subject: [PHP-DB] stripSlashes function
>
>
>I have a form that allows a person to enter an
>announcement into a database
>using a form. The form and the query work fine.
>
>$query = "INSERT INTO maztov (fullname1,
>fullname2, city1, city2, email1,
>email2, post_fullname, mazal_text, post_city,
>post_email, other_emails,
>entered) VALUES
>('$fullname1','$fullname2','$city1','$city2','$em
a
>il1','$email2','$post_fullname','$mazal_text','$p
o
>st_city','$post_email','$other_emails',
>NOW())";
>
>$result = mysql_query($query);
>
>Then I realized MagicQuotes was adding slashes to
>my query, so I added this
>line:
>
>$query = stripSlashes($query);
>
>before I executed the result. Now the result is
no
>longer executing, i.e.
>the entry is not being added into the database.
>
>When I echo the query before and after
>stripslashes has been applied, it is
>echoing exactly what I think it should. When I
>comment out the line with
>stripslashes, it works again but with adding
>quotes.
>
>What am I doing wrong?
>
>Thanks,
>
>-Lisi
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit:
>http://www.php.net/unsub.php
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system
>(http://www.grisoft.com).
>Version: 6.0.361 / Virus Database: 199 - Release
>Date: 07/05/02
>
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system
>(http://www.grisoft.com).
>Version: 6.0.361 / Virus Database: 199 - Release
>Date: 07/05/02
>
>
>--
>PHP Database Mailing List (http://www.php.net/)
>To unsubscribe, visit:
http://www.php.net/unsub.php
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.361 / Virus Database: 199 - Release
Date: 07/05/02
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
