
Magic quotes


jkkenzie


Magic quotes adds backslashes to my variable, which already has backslashes:

 

function:

 function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

 

Where I add to the table:

$insertSQL = sprintf("INSERT INTO events (id, Teasertitle, Teasertxt, Brief, Speaker, Information, Caption, Highres, Venue, Keywords, Enddate, Startdate, Active, Category) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
                       GetSQLValueString($_POST['id'], "int"),
                       GetSQLValueString($_POST['Teasertitle'], "text"),
                       GetSQLValueString($_POST['Teasertxt'], "text"),
                       GetSQLValueString($_POST['Brief'], "text"),
                       GetSQLValueString($_POST['Speaker'], "text"),
                       GetSQLValueString($_POST['Information'], "text"),
                       GetSQLValueString($_POST['Caption'], "text"),
                       GetSQLValueString($_POST['Highres'],"file"),
                       GetSQLValueString($_POST['Venue'], "text"),
                       GetSQLValueString($_POST['Keywords'], "text"),
                       GetSQLValueString($_POST['Enddate'], "date"),
                       GetSQLValueString($_POST['Startdate'], "date"),
                       GetSQLValueString(isset($_POST['Active']) ? "true" : "", "defined","1","0"),
                       GetSQLValueString($_POST['Category'], "text"));

 

 

My GetSQLValueString($_POST['Highres'],"file"), is a file field to pick the location of the file or picture.

 

When I echo the $_POST['Highres'], I get something close to:

C:\\my computer\\xampp\\htdocs\\mywesite\\picture\\djghdfjg.jpg

 

Any idea?

 


Perhaps you should read what magic quotes does - http://us2.php.net/magic_quotes

 

POST data is automatically escaped by magic_quotes_gpc and since this (and addslashes()) does not escape all the special characters that can break a query, your code needs to test if magic_quotes_gpc is on, using get_magic_quotes_gpc(), and if it is, you need to strip the slashes and then use mysql_real_escape_string() on the data to escape all of the special characters.

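The strip-then-escape flow from the reply above, as an added example that is not code from the thread: it undoes magic quotes first, then swaps mysql_real_escape_string() for PDO bound parameters, with an in-memory SQLite database standing in for MySQL so it runs offline. rawInput(), insertEvent(), the two-column events table and the sample path are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. rawInput(), insertEvent() and the
// two-column events table are assumptions made for illustration.

/** Return the value as the user typed it, undoing magic_quotes_gpc if it ran. */
function rawInput($value, $magicQuotes = null)
{
    if ($magicQuotes === null) {
        // Always false from PHP 5.4 on, and removed in PHP 8, hence the guard.
        $magicQuotes = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    }
    return $magicQuotes ? stripslashes($value) : $value;
}

/** Insert with bound parameters: the driver handles quoting, not addslashes(). */
function insertEvent(PDO $db, $label, $highres)
{
    $stmt = $db->prepare('INSERT INTO events (Teasertitle, Highres) VALUES (?, ?)');
    $stmt->execute(array($label, $highres));
}

// In-memory SQLite stands in for the MySQL connection so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (Teasertitle TEXT, Highres TEXT)');

// Constructed sample: a path as typed, and as magic_quotes_gpc would deliver it.
$typed     = 'C:\\xampp\\htdocs\\picture\\o\'neil.jpg';
$delivered = addslashes($typed);

// Binding the delivered value as-is stores the extra backslashes.
insertEvent($db, 'not stripped', $delivered);
// Stripping first (forced on here to simulate a magic-quotes server) restores it.
insertEvent($db, 'stripped', rawInput($delivered, true));
// On a server without magic quotes the value passes through unchanged.
insertEvent($db, 'no magic quotes', rawInput($typed, false));

foreach ($db->query('SELECT Teasertitle, Highres FROM events') as $row) {
    printf("%-16s %s\n", $row['Teasertitle'], $row['Highres']);
}
```

With the old mysql extension used in the thread, the output of rawInput() would be passed to mysql_real_escape_string() before being placed in the query string, in place of the bound parameter shown here.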
