Posted by Paul Furman on 08/09/07 22:57
mysql_real_escape_string() is apparently chopping off anything that
follows a quote when I grab the data & put it in a form for editing.
Sorry if I'm not explaining this properly, I'm pretty confused about
what's going on but I'm guessing someone recognizes this problem.
I have code like this:
function db_safe($str) {
    $str = addslashes($str);
    return $str;
}
function html_safe($str) {
    $str = stripslashes($str);
    return $str;
}
That's on my live server, I'm not sure if magic quotes is on there or I
forgot to update because my test server version looks like:
function db_safe($str) {
    // $str = addslashes($str);
    $str = mysql_real_escape_string($str);
Anyways then there's code like this:
if (isset($_REQUEST["submit"])) {
    $latin_name = html_safe($_REQUEST["latin_name"]);
    if ((isset($_REQUEST["option"])) && ($_REQUEST["option"] == "update")) {
        $id = $_REQUEST["id"];
        $latin_name = db_safe($latin_name);
and this is where it's chopping off text after the quote:
<form action=.......
<input type='text' size='57' name='latin_name' value="<?=$latin_name?>">
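Added example, not part of the original post: a double quote in a string echoed into value="..." without HTML encoding ends the attribute at that quote, and SQL escaping (addslashes() or mysql_real_escape_string()) does not change that, because a browser does not treat a backslash as an escape. The helpers render_raw(), render_encoded() and parsed_value() and the sample name are constructed for illustration; the markup mirrors the form line in the post.

```php
<?php
// Mirrors the template in the post: the string goes straight into value="...".
function render_raw(string $v): string {
    return "<input type='text' size='57' name='latin_name' value=\"$v\">";
}

// Same field, HTML-encoded at output time. ENT_QUOTES encodes both " and ',
// so a quote in the data can neither end the attribute nor start a new one.
function render_encoded(string $v): string {
    $safe = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    return "<input type='text' size='57' name='latin_name' value=\"$safe\">";
}

// Parse the markup with an HTML parser and return the value the field ends up with.
function parsed_value(string $html): string {
    libxml_use_internal_errors(true);   // the raw form is malformed HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? '' : $input->getAttribute('value');
}

// Constructed sample: plain, and after SQL-style escaping as db_safe() would apply.
$name    = 'Acer palmatum "Bloodgood"';
$samples = [
    'as entered'     => $name,
    'SQL-escaped'    => addslashes($name),
];

foreach ($samples as $label => $value) {
    $raw     = parsed_value(render_raw($value));
    $encoded = parsed_value(render_encoded($value));
    printf("%s\n  stored string  : %s\n", $label, $value);
    printf("  raw echo       : %s (%s)\n", $raw, $raw === $value ? 'intact' : 'truncated');
    printf("  htmlspecialchars: %s (%s)\n\n", $encoded, $encoded === $value ? 'intact' : 'truncated');
}
```

Escaping for the database belongs at the point where the query is built, and HTML encoding at the point where the value is written into the page; neither substitutes for the other.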