Hi Mike,

To be perfectly honest, other than being a Microsoft thing, I don't really
know what .NET is.  Pretty pathetic, huh?  :)

This is some PHP code on Linux.  I suspect it was originally written on a
Microsoft operating system because when I edit the files, my editor reports
the text files as being "dos" (they contain carriage returns and linefeeds at
the end of each line).

I hear you about the []; I *wish* I could use them.  Proper quoting inside
of PHP is very painful:


       $query = "INSERT INTO $database_table
          (id, day, month, date, year, category, title, body, showpref)
          VALUES (null,
          '" . sqlite_escape_string($_POST['the_day'])      . "',
          '" . sqlite_escape_string($_POST['the_month'])    . "',
          '" . sqlite_escape_string($_POST['the_date'])     . "',
          (snip)

The stuff that looks quoted (the middle section) is actually the stuff
outside the language quotes, but inside the quoted quotes.  Gruesome.

But if I don't use sqlite_escape_string, single quotes cause a "SQL logic or
missing database" error.

But then, if I use sqlite_escape_string, I have to test get_magic_quotes_gpc
and use stripslashes, as Eugene recommended.  Hard to believe there isn't a
better way of doing this!

Pete



On Thu 17 Mar 05,  5:59 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> said:
> Are you using the SQLite .NET provider?  Just curious, anyway, SQLite also
> supports using [ ] instead of  " " and believe me it's a good thing, using
> " " as delimiters is a poor choice considering this conflicts with almost
> all languages when it comes to string concatenation. In fact, I recommend
> using [ ] over " " all of the time, however, the SQLite .NET managed driver
> has issues with the [ ] delimiter style.
> 
> 
> > I've nearly completed converting Wheatblog to sqlite.  It's been quite a
> > learning experience!  I've come across a problem I haven't been able to
> > figure out, though.
> >
> > Whenever I made a blog post that had a forward quote character (') in
> > either the title or the body of the post, I'd get an error.
> >
> > After a little Googling, I changed my query to:
> >
> >
> >       $query = "INSERT INTO $database_table
> >          (id, day, month, date, year, category, title, body, showpref)
> >          VALUES (null,
> >          '" . sqlite_escape_string($_POST['the_day'])      . "',
> >          '" . sqlite_escape_string($_POST['the_month'])    . "',
> >          '" . sqlite_escape_string($_POST['the_date'])     . "',
> >          '" . sqlite_escape_string($_POST['the_year'])     . "',
> >          '" . sqlite_escape_string($_POST['the_category']) . "',
> >          '" . sqlite_escape_string($_POST['the_title'])    . "',
> >          '" . sqlite_escape_string($_POST['the_body'])     . "',
> >          '" . sqlite_escape_string($_POST['the_showpref']) . "')";
> >
> >       DB_query($query, $db);
> >
> > and the definition of DB_query is:
> >
> >
> >    function DB_query($cmd, $db)
> >    {
> >       $retval = sqlite_query($db, "$cmd")
> >          or die('Query Error: ' . sqlite_error_string(sqlite_last_error($db)));
> >
> >       return $retval;
> >    }
> >
> > This works in the sense that forward quotes no longer generate an error.
> > However, whenever I print out a blog post, the forward quotes are all
> > escaped.   So if I post:
> >
> >    This contains a ' character.
> >
> > The post, when printed looks like:
> >
> >    This contains a \' character.
> >
> > What's the proper way to ensure that ' characters are properly quoted but
> > don't show up in the output?

-- 
Save Star Trek Enterprise from extinction: http://www.saveenterprise.com

GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E  70A9 A3B9 1945 67EA 951D
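
The double-escaping described in this thread (magic_quotes_gpc adds a backslash, then the SQL escaping preserves it) goes away when the slashes are stripped once at the input boundary and the values are bound as parameters. The sketch below is an added example, not part of the original messages and not Wheatblog code; it uses PHP's PDO SQLite driver instead of the `sqlite_*` functions in the thread, and the table name `posts`, the helper names and the sample request are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example: helper names, table name and sample values are assumptions.

// Undo magic_quotes_gpc exactly once, at the input boundary. On legacy PHP the
// flag would come from get_magic_quotes_gpc(); here it is passed in explicitly.
function request_value(array $post, string $key, bool $magicQuotes): string
{
    $value = isset($post[$key]) ? (string) $post[$key] : '';
    return $magicQuotes ? stripslashes($value) : $value;
}

function insert_post(PDO $db, string $table, array $fields): void
{
    // Identifiers cannot be bound as parameters, so restrict the table name.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $table)) {
        throw new InvalidArgumentException('bad table name');
    }
    $stmt = $db->prepare(
        "INSERT INTO $table (id, day, month, date, year, category, title, body, showpref)
         VALUES (NULL, :day, :month, :date, :year, :category, :title, :body, :showpref)"
    );
    $stmt->execute($fields); // values travel separately from the SQL text
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, day, month, date, year,
                               category, title, body, showpref)');

// Constructed request: what $_POST holds when magic_quotes_gpc is on.
$post = [
    'the_day' => 'Thu', 'the_month' => 'Mar', 'the_date' => '17',
    'the_year' => '2005', 'the_category' => 'misc', 'the_showpref' => '1',
    'the_title' => addslashes("Pete's post"),
    'the_body'  => addslashes("This contains a ' character."),
];

$fields = [];
foreach (['day', 'month', 'date', 'year', 'category', 'title', 'body', 'showpref'] as $name) {
    $fields[$name] = request_value($post, "the_$name", true);
}
insert_post($db, 'posts', $fields);

// The stored body round-trips without a backslash and without manual quoting.
$body = $db->query('SELECT body FROM posts')->fetchColumn();
var_dump($body === "This contains a ' character.");
```

Stored text is still untrusted when it is printed into a page, so output encoding (for example `htmlspecialchars`) remains a separate step from how the value is written to the database.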
