
View Full Version : Apostrophe crashing PHP Form Script



gc40
11-27-2007, 05:49 AM
When I try to update a PHP script that writes my form entries to the database, it fails. It usually works; however, when I use the ' apostrophe, it crashes.

What must I add to my code to allow the ' or ` symbol to be ignored and not crash the system?

abduraooft
11-27-2007, 07:09 AM
Post your relevant code, there should be some workarounds!

gc40
11-27-2007, 07:12 AM
I ended up using addslashes. Thanks.

_Aerospace_Eng_
11-27-2007, 04:02 PM
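You really should be using mysql_real_escape_string, not addslashes. Here is a function I use:

function escape_data($data)
{
    global $con; // connection resource returned by mysql_connect()

    // Undo the slashes magic_quotes_gpc already added, so the value is not escaped twice
    if (ini_get('magic_quotes_gpc'))
    {
        $data = stripslashes($data);
    }

    // Escape using the character set of the open connection
    return mysql_real_escape_string($data, $con);
}

$con is the variable that you assigned mysql_connect() to, so you can change $con to whatever that variable is.

$var = escape_data($_POST['someinput']);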
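
The difference between the approaches discussed above, as an added example that is not part of the thread or any poster's code. It assumes PDO with the pdo_sqlite driver and an in-memory SQLite database so it runs offline (the thread targets MySQL), a hypothetical entries table, and a constructed input. It goes one step beyond the thread by also showing a bound parameter, where the value is never spliced into the SQL text.

```php
<?php
// Added example: four ways of putting a value containing an apostrophe into
// an INSERT. Table and column names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, name TEXT)');

// Run one SQL string and report whether the database accepted it.
function try_exec(PDO $pdo, string $sql): string
{
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// Constructed sample standing in for $_POST['someinput'].
$input = "O'Brien";

$results = [
    // Raw concatenation: the apostrophe closes the string literal early,
    // which is the failure described in the first post.
    'raw' => try_exec($pdo, "INSERT INTO entries (name) VALUES ('" . $input . "')"),

    // addslashes() writes \' regardless of the database in use. SQLite does
    // not treat backslash as an escape, so the literal still ends early.
    'addslashes' => try_exec($pdo, "INSERT INTO entries (name) VALUES ('" . addslashes($input) . "')"),

    // Driver-aware quoting, the role mysql_real_escape_string plays for MySQL:
    // the driver applies the escaping rules of the database it talks to.
    'quote' => try_exec($pdo, 'INSERT INTO entries (name) VALUES (' . $pdo->quote($input) . ')'),
];

// Bound parameter: the SQL text is fixed and the value travels separately.
$stmt = $pdo->prepare('INSERT INTO entries (name) VALUES (:name)');
$stmt->execute([':name' => $input]);
$results['prepared'] = 'ok';

foreach ($results as $method => $outcome) {
    echo str_pad($method, 12), $outcome, "\n";
}

// Every row that was accepted holds the original, unmodified text.
var_dump($pdo->query('SELECT name FROM entries')->fetchAll(PDO::FETCH_COLUMN));
```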

aedrin
11-27-2007, 04:13 PM
global $con;



Global?

Ahri
11-27-2007, 04:17 PM
Globals: "when you just don't care about State" ;)

But seriously, nearly everyone uses a 'globalised' $db variable in some form or another. I personally use a static class method as a sort of singleton. I'm too lazy to pass $db around everywhere.

aedrin
11-27-2007, 04:23 PM
I personally use a static class method as a sort of singleton.

I find this the preferred method of making the DB connection available.

I was just commenting on the use of the global keyword (something which should not be used unless there is no other way).

_Aerospace_Eng_
11-27-2007, 05:55 PM
I find this the preferred method of making the DB connection available.

I was just commenting on the use of the global keyword (something which should not be used unless there is no other way).

mysql_real_escape_string needs the database connection. I could do something like this:

function escape_data($data, $dbcon)
{
    // Undo the slashes magic_quotes_gpc already added, so the value is not escaped twice
    if (ini_get('magic_quotes_gpc'))
    {
        $data = stripslashes($data);
    }

    // The connection is passed in by the caller instead of read from a global
    return mysql_real_escape_string($data, $dbcon);
}

Then do this:

$var = escape_data($_POST['someinput'], $con);

but that seems like an unnecessary step.

aedrin
11-27-2007, 06:00 PM
Using a static singleton would be like this:



$var = escape_data($_POST['someinput'], DB::getInstance());


Which is short and simple.


