
Thread: escaping quotes before reinsertion into database

  1. #1

    If I retrieve a document from my database and assign it to $test, such as

    $test=""hello"";

    I am unable to reinsert it into the database. An error pops up. This is due to the fact that the quotes that were stored in the database can't be reinserted into the database without escaping the quotes so that it looks like:

    $test="\"hello\"";

    Now it is correct, however now I have slashes in my database field where previously there weren't any.

    How can I reinsert the data into my database without the slashes?
    Last edited by james438; 03-12-2010 at 04:27 AM.
    To choose the lesser of two evils is still to choose evil. My personal site

  2. #2

    It may be deprecated now, depends on your version of SQL (a lot!) but there is the escape clause... so you could try:

    Code:
    Statement statement = // obtain reference to a Statement
    statement.executeQuery(
      "SELECT * FROM TEST  WHERE TEST=/"Hello/"{escape '/'}");
    Defining the escape character where noted.

    Or you can always use single quote ' just use it twice... '' as in ''Hello'' instead of "Hello"

  3. #3

    My first post was a bit unclear.

    I am using MySQL 5.0

    PHP Code:
    <?php
    include 'include/dbstuff.php';
    $query = "SELECT * FROM misc where ID=1";
    $result = mysql_query($query, $conn) or die ("Couldn't execute query.");
    while ($add_info = mysql_fetch_array($result)) {
        $ID      = $add_info['ID'];
        $summary = $add_info['summary'];
        // $summary goes into the statement unescaped
        $query1  = "update misc set summary='$summary' where ID='$ID'";
        mysql_query($query1) or die ("Couldnnt execute query.$query1");
    }
    echo "all done";
    ?>
    For example if column summary at row 1 contained the following: "hello,"he said. the above script would give me the error message

    PHP Code:
    Couldnnt execute query.update misc set summary=''hello,' he said' where ID='1' 
    My mistake. Double quotes actually work fine.

    As you can see this can be somewhat problematic when the content is a chapter from a book.

  4. #4

    PHP Code:
    <?php
    include 'include/dbstuff.php';
    $query = "SELECT * FROM misc where ID=1";
    $result = mysql_query($query, $conn) or die ("Couldn't execute query.");
    while ($add_info = mysql_fetch_array($result)) {
        $ID      = $add_info['ID'];
        $summary = $add_info['summary'];
        // escape quotes for use inside the SQL string literal
        $summary = mysql_real_escape_string($summary);
        $query1  = "update misc set summary='$summary' where ID='$ID'";
        mysql_query($query1) or die ("Couldnnt execute query.$query1");
    }
    echo "all done";
    ?>
    Solves the problem.
    Last edited by james438; 03-12-2010 at 08:51 AM.

  5. #5

    My solution did not work quite as well as I thought. Slashes are still being added to the database with href="".
    Last edited by james438; 03-12-2010 at 02:50 AM.

  6. #6

    ok, I found the solution.
    PHP Code:
    <?php
    include 'include/dbstuff.php';
    $query = "SELECT * FROM misc where ID=1";
    $result = mysql_query($query, $conn) or die ("Couldn't execute query.");
    while ($add_info = mysql_fetch_array($result)) {
        $ID      = $add_info['ID'];
        $summary = $add_info['summary'];
        // remove the slashes that were added on retrieval, then escape once
        $summary = stripslashes($summary);
        $summary = mysql_real_escape_string($summary);
        $query1  = "update misc set summary='$summary' where ID='$ID'";
        mysql_query($query1) or die ("Couldnnt execute query.$query1");
    }
    echo "all done";
    ?>
    It should be noted that
    $summary = stripslashes($summary);
    was used because magic-quotes-gpc was turned on. The fact that this is deprecated as of php 5.3 onwards and removed as of 6.0 onwards leads to another question, which I will ask in another thread.
    Last edited by james438; 03-13-2010 at 07:00 AM. Reason: fixed a minor error
    To choose the lesser of two evils is still to choose evil. My personal site
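
The same read-then-update round trip written with a bound parameter instead of string escaping, as an added example that is not code from this thread. It assumes PHP with the PDO SQLite driver and uses an in-memory table named misc with constructed sample text, so it runs without the thread's dbstuff.php; against MySQL only the DSN passed to new PDO would change.

```php
<?php
// Added example, not from the thread: bound parameters instead of escaping.
// Assumption: in-memory SQLite stands in for the thread's MySQL "misc" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE misc (ID INTEGER PRIMARY KEY, summary TEXT)');

// Constructed sample rows containing the characters that broke the UPDATE.
$samples = array(
    1 => '"hello," he said.',
    2 => "'hello,' he said.",
    3 => '<a href="page.php">it\'s a link</a>',
    4 => 'C:\\books\\chapter1 keeps its backslashes',
);
$insert = $db->prepare('INSERT INTO misc (ID, summary) VALUES (:id, :summary)');
foreach ($samples as $id => $text) {
    $insert->execute(array(':id' => $id, ':summary' => $text));
}

// Read every row and write it straight back. The value travels separately
// from the SQL text, so quotes never terminate a literal and no slashes
// are added that would later need stripslashes().
$update = $db->prepare('UPDATE misc SET summary = :summary WHERE ID = :id');
$rows = $db->query('SELECT ID, summary FROM misc')->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    $update->execute(array(':summary' => $row['summary'], ':id' => $row['ID']));
}

// Verify that what is stored is byte-for-byte what was first inserted.
$check = $db->prepare('SELECT summary FROM misc WHERE ID = :id');
foreach ($samples as $id => $text) {
    $check->execute(array(':id' => $id));
    $stored = $check->fetchColumn();
    $check->closeCursor();
    echo $id, ': ', ($stored === $text ? 'unchanged' : 'CHANGED'), "\n";
}
?>
```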

  7. #7

    Is that a quadruple post? I'm pretty sure there's a rule against that, ONLY post if you are completely unsure on what to do to make sure you don't boost your post count. Instead, just edit the original post or whichever one came before.

  8. #8

    How do you know that I was trying to artificially raise my post count? I think you are really misunderstanding what I was doing. You will notice that I actually have relatively few considering that I have been registered since early 2007. Many others have many more posts than myself and have been registered for only a few months. They had a lot of questions (or solutions), which is great! Most of the time I prefer to read the posts.

    I edited all of the posts in that thread several times. The reason that I posted 4 consecutive times was the first time I felt I should clarify my first post as it was unclear. To edit my first post would be confusing to the casual reader.

    The second of my consecutive posts was because I came up with a solution.

    The third time was because after further testing I found that my solution did not work, so I stated what the problem was, since I was stumped, and hoped that someone could point me in the right direction.

    The fourth and final time was because I came up with a solution and posted the answer. In my last post I also followed the rules and started a new thread for a related, but still different question, but I tried to be helpful and post a link to that new thread in case someone wanted to know more.

    I see nothing wrong with posting the answer to my own questions and feel that it is important to be clear as to the questions as well as the solutions for others who are searching the web with a similar problem. The most common reason for me posting consecutively is when I have a question dealing with PCRE as it is not a favorite topic for people to answer and it can be rather tricky. When I post again in that same PCRE thread it is because I have something to add as far as progress towards a solution or the solution itself.

    It is more important to me to be able to contribute something of substance in my posts than to artificially raise my post count. Whether or not my posts do add to the discussion is another matter.
    Last edited by james438; 03-13-2010 at 08:58 AM. Reason: typo and grammar fixes

  9. #9

    Quote: Originally Posted by fileserverdirect
    Is that a quadruple post? I'm pretty sure there's a rule against that...
    ...huh? are you serious?

    Edit: who cares about artificially inflated post counts? I'm pretty sure James isn't a troll.


    Edit: {edit #2} just to be on-topic, @james: yeah, I hate magic quotes.
