unrelenting Posted August 31, 2008

    $c_s_r = mysql_real_escape_string($_POST['c_s_r'], $con);

I use this before my database queries. The problem is when I need to query an 'A&M' team name. It won't allow the & symbol. How do I get around that but continue to escape the variable?

tmbrown Posted August 31, 2008

Try escaping the '&': A\&M. You can do a

    str_replace("&","\&",$_POST['c_s_r']);

on the submission of your form to do it for you. However, the best thing to do would be to make an array with values that need to be escaped and run an if statement checking to see if any of the objects in the array are in the submitted value and replace them with their escaped versions.

DarkWater Posted August 31, 2008

Was the team name escaped when inserting it into the database?

unrelenting Posted August 31, 2008

> Was the team name escaped when inserting it into the database?

The name is sent via a $_GET from another page like this:

    teamname.php?opponent=Texas A&M

Then from there I escape it like

    $c_s_r = mysql_real_escape_string($_GET['c_s_r'], $con);

before running the query. This is the only opponent that is going to have the & symbol in it that would need special attention.

DarkWater Posted August 31, 2008

The name should be urlencode()'d then urldecode()'d to work properly.

cooldude832 Posted August 31, 2008

Why are you passing a full text string via GET? Unless you're using a mod_rewrite?

unrelenting Posted August 31, 2008

> The name should be urlencode()'d then urldecode()'d to work properly.

Brilliant. I feel like a dummy.

unrelenting Posted August 31, 2008

> Why are you passing a full text string via GET? Unless you're using a mod_rewrite?

I don't understand what you mean. I have a schedule table that shows a full schedule for each year. In there I have a link to click on whatever team name to see all of the games played against that particular team. It's a link that I just append the $team variable to that is parsed and displayed in a separate script.

thebadbad Posted August 31, 2008

> teamname.php?opponent=Texas A&M

This will set $_GET['opponent'] to 'Texas A' and $_GET['M'] (to no value). Query string values can't contain literal ampersands, as that marks the next name=value pair.

And now I realised that DarkWater's got the solution for you.

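Added example, not code from any poster in this thread: the PHP below shows what the receiving script sees for a raw versus an encoded opponent value (the split described in the post above), builds the link with http_build_query(), and runs the lookup with a bound parameter. The schedule table layout, its column names and the rows are constructed, and an in-memory SQLite database through PDO stands in for the MySQL connection.

```php
<?php
// Added example. Table/column names (schedule, opponent, game_date) and the
// sample rows are constructed; an in-memory SQLite database stands in for MySQL.

// parse_str() splits and decodes a query string by the same rules PHP
// uses to fill $_GET, so it shows what the receiving script would see.
function parse_query(string $query): array
{
    parse_str($query, $params);
    return $params;
}

// Link for the schedule page: URL-encode the value, then HTML-escape the href.
function team_link(string $team): string
{
    $href = 'teamname.php?' . http_build_query(['opponent' => $team]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($team, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Bound parameter: the value never becomes part of the SQL text, and '&'
// is not a SQL metacharacter in any case.
function games_against(PDO $db, string $opponent): array
{
    $stmt = $db->prepare(
        'SELECT game_date FROM schedule WHERE opponent = ? ORDER BY game_date'
    );
    $stmt->execute([$opponent]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE schedule (id INTEGER PRIMARY KEY, opponent TEXT, game_date TEXT)');
$insert = $db->prepare('INSERT INTO schedule (opponent, game_date) VALUES (?, ?)');
foreach ([['Texas A&M', '2007-11-23'], ['Texas A&M', '2006-11-24'], ['Texas', '2007-10-06']] as $row) {
    $insert->execute($row);
}

// Raw ampersand: the value is cut at '&' and a stray parameter "M" appears.
var_dump(parse_query('opponent=Texas A&M'));

// Encoded link, then the query string the browser sends back for it.
echo team_link('Texas A&M'), "\n";
$params = parse_query(http_build_query(['opponent' => 'Texas A&M']));
var_dump($params['opponent']);
var_dump(games_against($db, $params['opponent']));
```

PHP fills $_GET with values that are already decoded, so the receiving script can use the value as it arrives; running urldecode() over it a second time would alter any name that contains a literal '+' or '%'.
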
cooldude832 Posted August 31, 2008

A url of

    mysite.com/team.php?id=5

instead of

    mysite.com/team.php?team=Texas A&M

queries faster and doesn't need to be urlencoded. Unless you are using mod_rewrite I don't see the need for a full text.

unrelenting Posted August 31, 2008

> A url of mysite.com/team.php?id=5 instead of mysite.com/team.php?team=Texas A&M queries faster and doesn't need to be urlencoded. Unless you are using mod_rewrite I don't see the need for a full text.

I see your point but the table doesn't have separate IDs for each individual team. That would involve editing an 1100 row database. That would take me forever. :-\

cooldude832 Posted August 31, 2008

So what is your table's primary key? And no, it wouldn't take forever to add an id for each team.

unrelenting Posted August 31, 2008

> So what is your table's primary key? And no, it wouldn't take forever to add an id for each team.

Just a simple id. Basically nothing more than a number for each row. It isn't even used.

cooldude832 Posted August 31, 2008

So then did you build indexes on the field for the team names to improve your queries? The primary key for a table shouldn't never be used; it should be used very often, because most of the time MyISAM queries that JOIN/GROUP BY or WHERE by primary keys are extremely fast when compared to other fields that are or aren't indexed.

unrelenting Posted August 31, 2008

> So then did you build indexes on the field for the team names to improve your queries? The primary key for a table shouldn't never be used; it should be used very often, because most of the time MyISAM queries that JOIN/GROUP BY or WHERE by primary keys are extremely fast when compared to other fields that are or aren't indexed.

I am a PHP/MYSQL novice that just does this as, more or less, a hobby. I don't know all of the ins and outs of being more efficient. I just do my best learning these things as I go from tutorials and people like you. I just added the id number and made it the primary because most of the tables I have ever tinkered with had the first column set as an ID and it is normally made the primary. I had no idea what it does. Should I build indexes for all of my fields? How do I know which ones I should do this to? I'm here to learn.

cooldude832 Posted August 31, 2008

Well, I'm glad you are here to learn. When you get farther along into MySQL and start having tables be related to each other, the primary keys become useful because you can JOIN tables on a primary/foreign key relationship. The primary key is useful in a lot of cases, such as when you update a table: if you want to know which row to update you can carry that primary key via a hidden form input.

What is your db structure for this project?

unrelenting Posted August 31, 2008

> Well, I'm glad you are here to learn. When you get farther along into MySQL and start having tables be related to each other, the primary keys become useful because you can JOIN tables on a primary/foreign key relationship. The primary key is useful in a lot of cases, such as when you update a table: if you want to know which row to update you can carry that primary key via a hidden form input. What is your db structure for this project?

I emailed you a dump of it. There are lots of fields.