
mysql_real_escape_string help


unrelenting


Try escaping the '&'

 

A\&M

 

you can do a

 

str_replace("&","\&",$_POST['c_s_r']);

 

on the submission of your form to do it for you. However, the best thing to do would be to make an array with values that need to be escaped and run an if statement checking to see if any of the objects in the array are in the submitted value and replace them with their escaped versions.

Link to comment
Share on other sites

Was the team name escaped when inserting it into the database?

 

The name is sent via a $_GET from another page like this:

 

teamname.php?opponent=Texas A&M

 

Then from there I escape it like $c_s_r = mysql_real_escape_string($_GET['c_s_r'], $con); before running the query.

 

This is the only opponent that is going to have the & symbol in it that would need special attention.

Link to comment
Share on other sites

why are u passing a full text string via GET? unless u using a modrewrite?

 

I don't understand what you mean?

 

I have a schedule table that shows a full schedule for each year. In there I have a link to click on whatever team name to see all of the games played against that particular team. It's a link that I just append the $team variable to that is parsed and displayed in a separate script.

Link to comment
Share on other sites

teamname.php?opponent=Texas A&M

 

This will set $_GET['opponent'] to 'Texas A' and $_GET['M'] (to no value). Query string values can't contain literal ampersands, as that marks the next name=value pair.

 

And now I realised that DarkWater's got the solution for you :)

Link to comment
Share on other sites
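
An added example (not code from any poster in this thread) of the point made above: the `&` has to be encoded for the URL when the link is built, which is separate from escaping for SQL, and `mysql_real_escape_string()` does nothing for the first. It assumes PHP 7 or later, where the old `mysql_*` functions no longer exist, so a bound PDO parameter takes their place; the in-memory SQLite database, the `schedule` table and its rows, and the `games_against()` helper are constructed for illustration.

```php
<?php
// Constructed sample value; "opponent" is the parameter name used in the thread.
$team = 'Texas A&M';

// 1. URL context, unencoded: the bare "&" starts a second name=value pair,
//    so the opponent value is cut short before it ever reaches the SQL layer.
parse_str('opponent=Texas A&M', $raw);
var_dump($raw);

// 2. URL context, encoded: http_build_query() percent-encodes the "&"
//    (urlencode() does the same for a single value), so the name survives.
$query = http_build_query(['opponent' => $team]);
parse_str($query, $encoded);
var_dump($query, $encoded);

// 3. HTML context: the finished URL is escaped again when written into a page.
$href = 'teamname.php?' . $query;
echo '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
   . htmlspecialchars($team, ENT_QUOTES, 'UTF-8') . "</a>\n";

// 4. SQL context: a bound parameter instead of string escaping.
//    Assumption: in-memory SQLite stands in for the poster's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE schedule (id INTEGER PRIMARY KEY, opponent TEXT, season INTEGER)');
$insert = $db->prepare('INSERT INTO schedule (opponent, season) VALUES (?, ?)');
foreach ([['Texas A&M', 2006], ['Texas A&M', 2007], ['Texas', 2007]] as $row) {
    $insert->execute($row);   // constructed rows
}

// Hypothetical helper: seasons played against one opponent.
function games_against(PDO $db, string $opponent): array
{
    $stmt = $db->prepare('SELECT season FROM schedule WHERE opponent = ? ORDER BY season');
    $stmt->execute([$opponent]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The truncated value from step 1 matches no row; the decoded value from step 2 does.
var_dump(games_against($db, $raw['opponent']));
var_dump(games_against($db, $encoded['opponent']));
```
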

a url of

mysite.com/team.php?id=5

instead of

mysite.com/team.php?team=Texas A&M

 

queries faster and doesn't need to be urlencoded.

 

Unless u are using modrewrite I don't see the need for a full text

 

I see your point but the table doesn't have separate ID's for each individual team. That would involve editing an 1100 row database. That would take me forever.  :-\

Link to comment
Share on other sites

so then did u build indexes on the field for the team names to improve your queries?

 

the primary key for a table shouldn't never be used it should be used very often because most of the time MyISAM queries that JOIN/GROUP BY or WHERE by primary keys are extremely fast when compared to other fields that are or aren't indexed.

Link to comment
Share on other sites

so then did u build indexes on the field for the team names to improve your queries?

 

the primary key for a table shouldn't never be used it should be used very often because most of the time MyISAM queries that JOIN/GROUP BY or WHERE by primary keys are extremely fast when compared to other fields that are or aren't indexed.

 

I am a PHP/MYSQL novice that just does this as more or less, a hobby. I don't know all of the ins and outs of being more efficient. I just do my best learning these things as I go from tutorials and people like you.

 

I just added the id number and made it the primary because most of the tables I have ever tinkered with had the first column set as an ID and it is normally made the primary. I had no idea what it does.

 

Should I build indexes for all of my fields? How do I know which ones I should do this to?

 

I'm here to learn.

Link to comment
Share on other sites

well i'm glad you are here to learn

 

When you get farther along into MySQL and start having tables be related to each other the primary keys become useful because you can JOIN tables on a primary/foreign key relationship.

 

The primary key is useful in a lot of cases such as when you update a table if u want to know which row to update you can carry that primary key via a hidden form input.

 

 

What is your db structure for this project?

Link to comment
Share on other sites

well i'm glad you are here to learn

 

When you get farther along into MySQL and start having tables be related to each other the primary keys become useful because you can JOIN tables on a primary/foreign key relationship.

 

The primary key is useful in a lot of cases such as when you update a table if u want to know which row to update you can carry that primary key via a hidden form input.

 

 

What is your db structure for this project?

 

I emailed you a dump of it. There are lots of fields.

Link to comment
Share on other sites
