Posted by Erwin Moller on 08/26/05 11:48

Doug Johnston wrote:

> Hi,
>
> I am having problems with running urlencode(select * from myfile where
> field like '%0002%'), in particular the like section, what I get is...
> like+%27%250002%25%27
> ...which is fine, but when i decode it I get...
> like \'02\'
> ...I get backslashes before the single quotes and 2 of the leading
> zeroes in 0002 are missing.
>
> Does any have any clues?
>
> Regards
> Doug Johnston


Hi,

Not on my machine...
I made this little script to test.

<?
$astr = "select * from myfile where field like '%0002%'";
$enc = urlencode($astr);
$dec = urldecode($enc);

echo "astr = ".htmlentities($astr)."<br>";
echo "enc = ".htmlentities($enc)."<br>";
echo "dec = ".htmlentities($dec)."<br>";
?>

which produces:

astr = select * from myfile where field like '%0002%'
enc = select+%2A+from+myfile+where+field+like+%27%250002%25%27
dec = select * from myfile where field like '%0002%'

Does it produce the same on your machine?

You must be adding slashes somewhere to make it 'safe'.
Maybe your php.ini settings are doing things you are not aware of?

by the way: Everybody can make their onw queries, and updates, if you pass
around SQL-commands like this...
Please reconsider your design...


Regards,
Erwin Moller

[Back to original message]