Posted by Rik on 04/24/07 19:38

misiek wrote:
> Problem with saving a text with a single quote.
> I have the magic_quotes_gpc on in PHP
> and get_magic_quotes_gpc() return true. But php still adding backslash
> before single quote, when I refresh a site it adds two more.
>
> Basicly I cannot save a text do DB.
>
> I am just reading this site
> http://www.php-mysql-tutorial.com/mysql-php-guestbook.php
> and found info but is not really helpful because is not working for me
>
>
> "
> Sometimes a message can contain single quotes, we need to escape these
> single quotes ( replacing it with \' ) otherwise MySQL will think that
> it's the end of a string and the query will fail. We use the
> addslashes() function to escape the string.

addslashes() isn't really qualified to do it right...

> Unfortunately some web hosts set the magic_quotes_gpc setting on. This
> will make values containing single-quotes in $_GET, $_POST and $_COOKIE
> will be automatically escaped. If we use addslashes() when the string is
> already escaped the result would be a mess.
>
> To check if magic_quotes_gpc is On use get_magic_quotes_gpc(). If it
> returns true then we don't have to call addslashes().
> "
>


Hmmmz, magic_quotes are evil... Try to disable it in an
php.ini/httpd.conf/.htaccess file if you can.


Meanwhile this seems to work:

function stripslashes_deep($var){
if(is_scalar($var)) return stripslashes($var);
if(is_array($var)){
foreach($var as $key => $value){
$var[$key] = stripslashes_deep($value);
}
return $var;
}
//probably an object, we have no logic for that:
return $var;
}

if(get_magic_quotes_gpc()){
$_POST = stripslashes_deep($_POST);
$_GET = stripslashes_deep($_GET);
$_COOKIE = stripslashes_deep($_COOKIE);
}

And just use mysql_real_escape_string() an values used in queries on a
mysql database. Save for prepared statements it's the best for it's job.

> it sound like I should be good because the function add a backslash
> before single quote so why I cannot save to database ?
>
> What I can do about that ?

Echo mysql_error(), and read & fix it's error message?


--
Rik Wasmus

Estimated date being able to walk again: 01-05-2007.
Less then a week, hurray!

• Next in forum: Re: sessions in FF and IE
• Prev in forum: Re: $ sign input
• Thread view: Re: single quotes and saving to mysql

[Reply to this message]