[PHP] Should I convert special characters before writing them to a table?
The reason I ask is, I'm having a problem processing rows in a table that contain single quotes (specifically, the PHP code I wrote that allows the user to duplicate a row doesn't work if the a field in the row has a single quote in it). Would it be better for me to strip out the single quotes before the rows are written, replacing them with another special [harmless] character, and just dynamically swapping that character out for the orginal when the row is displayed? Any thoughts? I just started doing this PHP/MySQL thing a couple weeks ago, and I realize I have a lot to learn. Any suggestions would be much appreciated. Oh, and by the way, here is the PHP code for duplicating rows that fails to execute when a field in the row it's processing contains a single quote. = // DUPLICATE if ($action == dup) { $result = mysql_query(SELECT * FROM $table WHERE id=$id,$db); $myrow = mysql_fetch_array($result); $comma = ; for ($i = $priv; $i $columns; $i++) { $fld = mysql_field_name($fields, $i); $set .= $comma.$fld='.$myrow[$i].'; $comma = , ; } // run SQL against the DB $sql = INSERT $table SET $set; $result = mysql_query($sql); $affected = $id; echo td width=10img border=0 src=../../common/spacer.gif width=10 height=1/tdtd align=center valign=middle bgcolor=#eespan class=adminnormalgreyRecord duplicated/span/td; } = Thanks. ...Rene --- Rene Fournier [EMAIL PROTECTED] _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Should I convert special characters before writing them to a table?
René Fournier [EMAIL PROTECTED] wrote: The reason I ask is, I'm having a problem processing rows in a table that contain single quotes (specifically, the PHP code I wrote that allows the user to duplicate a row doesn't work if the a field in the row has a single quote in it). Try addslashes() before executing the query and stripslashes() when retrieving data from the db. See the online manual for more details. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Should I convert special characters before writing them to a table?
Try addslashes() before executing the query and stripslashes() when retrieving data from the db. See the online manual for more details. I think stripslashes() isn't needed when retrieving data from the db, it is needed only in the query string to protect special chars from interpretting them as sql. Arpi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Should I convert special characters before writing them to a table?
Arpad Tamas [EMAIL PROTECTED] wrote: I think stripslashes() isn't needed when retrieving data from the db, it is needed only in the query string to protect special chars from interpretting them as sql. I want to say this isn't true, but maybe that depends on the configuration of PHP (I'm thinking magic quotes settings off-hand). From experience I know that stripslashes() can be needed when retrieving data from a db. Just today I've had to do so for clients separately using PostgreSQL and MySQL. YMMV. -- Steve Werby President, Befriend Internet Services LLC http://www.befriend.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]