Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New Coder
    Join Date
    Aug 2007
    Posts
    46
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Apostrophe crashing PHP Form Script

    When I try to update a php script that writes my form entries to the database it fails. It usually works, however, when I use the ' apostrophe, it crashes.

    What must I add to my code to allow the ' or ` symbol to be ignored and not crash the system?

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,862
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Post your relevant code, there should be some workarounds!
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New Coder
    Join Date
    Aug 2007
    Posts
    46
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I end up using addslashes. Thanks.

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You really should be using mysql_real_escape_string not addslashes. Here is a function I use
    PHP Code:
    function escape_data($data)
    {
        global 
    $con;
        if (
    ini_get('magic_quotes_gpc'))
        {
            
    $data stripslashes($data);
        }
        return 
    mysql_real_escape_string($data$con);

    $con is the variable that you assigned mysql_connect() so you can change $con to whatever that variable is.
    PHP Code:
    $var escape_data($_POST['someinput']); 
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    PHP Code:
        global $con
    Global?

  • #6
    New Coder
    Join Date
    May 2007
    Location
    Manchester, UK
    Posts
    72
    Thanks
    0
    Thanked 2 Times in 2 Posts
    Globals: "when you just don't care about State"

    But seriously, nearly everyone uses a 'globalised' $db variable in some form or another. I personally use a static class method as a sort of singleton. I'm too lazy to pass $db around everywhere.
    Every PHP programmer of any skill level should set error_reporting(E_ALL); at the top of their scripts or in their php.ini

  • #7
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Quote Originally Posted by Ahri View Post
    I personally use a static class method as a sort of singleton.
    I find this the preferred method of making the DB connection available.

    I was just commenting on the use of the global keyword (something which should not be used unless there is no other way).

  • #8
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Quote Originally Posted by aedrin View Post
    I find this the preferred method of making the DB connection available.

    I was just commenting on the use of the global keyword (something which should not be used unless there is no other way).
    mysql_real_escape_string needs the database connection. I could do something like this
    PHP Code:
    function escape_data($data,$dbcon)
    {
        if (
    ini_get('magic_quotes_gpc'))
        {
            
    $data stripslashes($data);
        }
        return 
    mysql_real_escape_string($data$dbcon);

    Then do this
    PHP Code:
    $var escape_data($_POST['someinput'],$con); 
    but that seems like an unnecessary step.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #9
    Senior Coder
    Join Date
    Jan 2007
    Posts
    1,648
    Thanks
    1
    Thanked 58 Times in 54 Posts
    Using a static singleton would be like this:

    PHP Code:
    $var escape_data($_POST['someinput'], DB::getInstance()); 
    Which is short and simple.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •