Posted by Ian Rastall on 06/29/05 05:25
On 28 Jun 2005 19:01:02 -0800, yf110@vtn1.victoria.tc.ca (Malcolm
Dew-Jones) wrote:
> $value = "this', 'will mess things up";
>
> $sql1 = "insert into tbl values ('$value')"; # inserts 2 columns!
>
> $esc_value = mysql_escape_string($value);
>
> $sql2 = "insert into tbl values ('$esc_value')"; # this is correct
Hi Malcolm. From my paltry understanding of PHP, :-), it seems as if
you're talking about inserting values into a database. The values I'm
worried about are already in there. I use phpMyAdmin to build my
database, and I can see when I browse the table in question that the
apostrophes aren't causing a problem.
The HTML/PHP prints out the string just fine on the web page
(apostrophe and all). This is a string which can be clicked on, at
which point the browser sends the text of the link back to the
database, asking for a record with that string. It doesn't find it,
because the apostrophe is messing things up somehow. I would guess
this is a query somewhere in my HTML/PHP document, perhaps:
$album=mysql_escape_string($_GET['album']);
or
$query_rsDaevid = "SELECT * FROM daevid ORDER BY $sort_order ASC";
Nothing seems to help, though, and this is probably a simple thing (to
someone else, at least). :-) Sorry if I'm taking up too much space on
the ng. Just developing a real headache over this.
Ian
--
Was it not a comedy, a strange and stupid
matter, this repetition, this running around
in a fateful circle? (Hermann Hesse)
http://www.bookstacks.org/
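
As an added example, not part of the original post: the round trip described above (a title with an apostrophe printed as a link, clicked, then looked up) with each context handled separately. It uses PDO with an in-memory SQLite table in place of the thread's mysql_* functions; the `album` and `year` columns, the `album.php` URL and the sample rows are assumptions made for illustration.

```php
<?php
// Constructed sample data; in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE daevid (album TEXT, year INTEGER)');
$ins = $pdo->prepare('INSERT INTO daevid (album, year) VALUES (?, ?)');
foreach ([["It's a Test", 2001], ['Plain Title', 2002]] as $row) {
    $ins->execute($row);
}

// Link output: URL-encode the value for the query string, then HTML-escape
// the URL for the attribute, so the apostrophe survives both contexts.
function album_link(string $album): string
{
    $url = 'album.php?album=' . rawurlencode($album); // album.php is hypothetical
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($album, ENT_QUOTES, 'UTF-8') . '</a>';
}

// ORDER BY takes an identifier, which string escaping and bound parameters
// do not cover: map the request value onto a fixed allow-list.
function sort_column(?string $requested): string
{
    $allowed = ['album', 'year']; // assumed column names
    return in_array($requested, $allowed, true) ? $requested : 'album';
}

// Lookup: the value is bound, never spliced into the SQL text.
function find_album(PDO $pdo, string $album, ?string $sort): array
{
    $stmt = $pdo->prepare(
        'SELECT album, year FROM daevid WHERE album = ? ORDER BY '
        . sort_column($sort) . ' ASC'
    );
    $stmt->execute([$album]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Simulated click: parse_str() decodes the query string as PHP does for $_GET.
$title = "It's a Test";
echo album_link($title), "\n";
parse_str('album=' . rawurlencode($title) . '&sort=not_a_column', $get);
print_r(find_album($pdo, $get['album'], $get['sort']));
```

If `magic_quotes_gpc` is enabled on the server (an assumption about the setup, not something stated in the post), the request value arrives with a backslash already added and needs `stripslashes()` before it is bound.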