[SOLVED] Can't addslashes or get info from database that contains slashes


tcsnguy08

Hello, I haven't had this problem before, but it just started occurring.  I am putting a serialized array into my database.  Before entering it into the database I print_r the array to debug, and it appears as it should; it even comes out right when I add quote marks to the entry, i.e. Joe's appears as MySQL-safe Joe\'s.  However, when I try to recall the info from my database, even though the info is being saved into the database as Joe\'s it is being pulled out as Joe's, and therefore the query is not pulling the full row, only up to the first ' mark, or the row fails altogether.

I print_r the serialized array after it is being inserted into the database and it displays this:

a:1:{i:1;s:7:"John\'s";}

 

Which is what it needs to do, but when it pulls it from the database, it strips the slashes, but if I do an addslashes on my mysql_query when pulling out the serialized array, it fails, because the quote isn't escaped.  Can anyone suggest a fix for this? I have spent hours trying to debug this one problem, and since it works and displays fine if I don't put quotes ' in my serialized array, I know it is because of the ' mark, as it won't display on a few of my other pages as well.  Thanks for any suggestions.

Link to comment
Share on other sites

this is the code used to insert the array into the database:

 

$gigs = @serialize($_SESSION['gigs']);
$gigaddress = @serialize($_SESSION['gigaddress']);
$gigcity = @serialize($_SESSION['gigcity']);
$gigcountry = @serialize($_SESSION['gigcountry']);
$gigstate = @serialize($_SESSION['gigstate']);
$gigzip = @serialize($_SESSION['gigzip']);
$gigtimedate = @serialize($_SESSION['gigtimedate']);
$gigcover = @serialize($_SESSION['gigcover']);
$gigcomment = @serialize($_SESSION['gigcomment']);
$email = $_SESSION['bandlogin'];
$gigsyes = "yes";
mysql_connect("localhost" , "******" , "*******")or die('Database is not responding.');
mysql_select_db("******") or die('Unable to connect to database');
mysql_query("UPDATE giglists SET gigs = '$gigs', gigaddress = '$gigaddress', gigcity = '$gigcity', gigcountry = '$gigcountry', gigstate= '$gigstate', gigzip = '$gigzip', gigtimedate = '$gigtimedate', gigcover = '$gigcover', gigcomments = '$gigcomment' WHERE gigemail = '$email'")
or die ('Could not reach database' . mysql_error());
mysql_query("UPDATE Userinfo SET gigs = '$gigsyes'  WHERE email = '$email'")
or die ('Could not reach database' . mysql_error());
mysql_close();
unset($_SESSION['gigs']);
unset($_SESSION['gigcity']);
unset($_SESSION['gigcountry']);
unset($_SESSION['gigaddress']);
unset($_SESSION['gigstate']);
unset($_SESSION['gigzip']);
unset($_SESSION['gigtimedate']);
unset($_SESSION['gigcover']);
unset($_SESSION['gigcomment']);
print_r($gigs); // This is used to debug and make sure that the above $gigs is actually escaping quotes, and it is.

 

This is the code I use to pull the data from the database:

mysql_connect("localhost" , "******" , "******")
or die('Database is not responding.');
mysql_select_db("******") or die('Unable to connect to database');
$match2 ="SELECT * FROM giglists WHERE gigemail = '$stemail'";
$qry2 = mysql_query($match2)
or die('Could not match data because of database error' . mysql_error());
$num_rows2 = mysql_num_rows($qry2);
while ($row2 = mysql_fetch_array($qry2)){
print_r($row2['gigs']);
if ($row2['gigs'] !==""){
$_SESSION['gigs'] = @unserialize($row2['gigs']);
$_SESSION['gigtimedate'] = @unserialize($row2['gigtimedate']);
$_SESSION['gigcover'] = @unserialize($row2['gigcover']);
$_SESSION['gigcomment'] = @unserialize($row2['gigcomments']);
$_SESSION['gigstate'] = @unserialize($row2['gigstate']);
$_SESSION['gigcity'] = @unserialize($row2['gigcity']);
$_SESSION['gigaddress'] = @unserialize($row2['gigaddress']);
$_SESSION['gigcountry'] = @unserialize($row2['gigcountry']);
$_SESSION['gigzip'] = @unserialize($row2['gigzip']);
}
}

 

The code above that is supposed to be setting the sessions isn't setting the gigs variables when the $gigs array inserted in the first section contains an entry with a quote.  So I am led to believe that the array is being entered with no quotes, even though when I print_r($gigs), it displays the serialized array with the /'.  Thanks for any help!

 

Link to comment
Share on other sites

I have attempted $_SESSION['gigs'] =  addslashes($_POST['gigs']) but this still doesn't addslashes, and as I said before, the array prints via print_r with an apostrophe being escaped with a slash \' so it has to be inserted with the slash right?  That is my problem, the data somehow isn't being saved into the database with the slash.  Just wanted to add this last bit to narrow down my problem.

Link to comment
Share on other sites

yeah each of the values being serialized and unserialized are arrays for instance

 

$_SESSION['gigs'][1] = "john's";

$_SESSION['gigs'][2] = "bob's";

$gigs = serialize($_SESSION['gigs']);

To be inserted into mysql the above should be john\'s bob\'s. 

When I print_r($gigs) after $gigs has been entered into the database, each value as it is serialized has been escaped, i.e. john's is now john\'s. But when it is put into the database, or pulled from the database, the escapes are gone and the full row doesn't work because it hits the apostrophe.  Can someone suggest to me why, if I print_r($gigs) which is inserted into the database, it has the apostrophes escaped, but when it is in the database, or being pulled from the database, the slashes are gone?

Link to comment
Share on other sites

You should be using mysql_real_escape_string, not addslashes.

 

When the escaped string is put into the database, the escape character, "\", is removed before the data is actually stored.

 

Whether the quote is escaped when the information is pulled from the database is dependent on whether magic-quotes-runtime is set.

 

What do you mean by "and the full row doesn't work because it hits the apostrophe"?

 

Ken

Link to comment
Share on other sites

I tried mysql_real_escape_string on my initial declaration that isn't included in my code sample. ie. $_SESSION['gigs'] = mysql_real_escape_string($_POST['gigs']) It still did not insert slashes into the database.  What I mean by that is the array is being escaped before being entered into the database and as it is entered into the database. But, when I look at my database record for say an entry named John's, the serialized array value will be John's and not John\'s, and that's what it should be right, or I may also be mistaken too. So when any of my pages goes to pull the information from the database it detects that the row is not empty, but it doesn't pull the data because the John\'s is not escaped.  That's the only thing I can think of as the database works fine for items without quotes or apostrophes.  Thanks again for any help.

Link to comment
Share on other sites

To debug the code further, I told the page pulling the info from the database that if that row !=="" then create sessions of all the info from the required rows in that table. I then print_r the session, and if the session is being set that means the row is unempty. However, the sessions are set, but the session pertaining to the row with the apostrophe is blank. I also print_r the $row before it is set to $_SESSION to debug it, and it prints the serialized array, which I expected because I haven't unserialized it, but again the array value, i.e. John's, is displayed John's not John\'s. So something is occurring: either, like I said, that row is failing because the apostrophe isn't escaped, or the session for that one value is always failing. So the php page knows there is a value, in this case a serialized array, in that row, but it doesn't pull it out. It only pulls the values from that row when the serialized array does not contain an apostrophe.  I have magic_quotes on, so the data being sent from my form is escaped.  I haven't had a problem with apostrophes before.  Can you see anything in my code where I am pulling out the data that would cause it to not pull the data from that row?  Thank you for your help, I know I must be a pain in the arse.

Link to comment
Share on other sites

Can you post one of the serialized values? Unserialize will fail if something is wrong with the serialized data. If you still have the "@" characters in your code, remove them, since they suppress error messages. There might be an error message that will help solve this problem.

 

Ken

Link to comment
Share on other sites

This is the data serialized after it has been put into the database but not pulled back out yet.

 

a:1:{i:1;s:7:"John\'s";}

 

No error messages received.

 

here is the array being pulled from the database now it has multiple escapes:

 

a:1:{i:1;s:7:\"John\'s\";}

 

Thanks for your help

Link to comment
Share on other sites

Change

<?php
$_SESSION['gigs'] = @unserialize($row2['gigs']);
$_SESSION['gigtimedate'] = @unserialize($row2['gigtimedate']);
$_SESSION['gigcover'] = @unserialize($row2['gigcover']);
$_SESSION['gigcomment'] = @unserialize($row2['gigcomments']);
$_SESSION['gigstate'] = @unserialize($row2['gigstate']);
$_SESSION['gigcity'] = @unserialize($row2['gigcity']);
$_SESSION['gigaddress'] = @unserialize($row2['gigaddress']);
$_SESSION['gigcountry'] = @unserialize($row2['gigcountry']);
$_SESSION['gigzip'] = @unserialize($row2['gigzip']);
?>

to

<?php
$_SESSION['gigs'] = unserialize(stripslashes($row2['gigs']));
$_SESSION['gigtimedate'] = unserialize(stripslashes($row2['gigtimedate']));
$_SESSION['gigcover'] = unserialize(stripslashes($row2['gigcover']));
$_SESSION['gigcomment'] = unserialize(stripslashes($row2['gigcomments']));
$_SESSION['gigstate'] = unserialize(stripslashes($row2['gigstate']));
$_SESSION['gigcity'] = unserialize(stripslashes($row2['gigcity']));
$_SESSION['gigaddress'] = unserialize(stripslashes($row2['gigaddress']));
$_SESSION['gigcountry'] = unserialize(stripslashes($row2['gigcountry']));
$_SESSION['gigzip'] = unserialize(stripslashes($row2['gigzip']));
?>

 

Ken

Link to comment
Share on other sites

here is the form that produces the data:

 

echo"<head><style>
.classa { 
border-color: #000000;
border-width: 2;
background-color: #888888;
color: #EEEEEE;
}
select {
background-color: #888888;
color: #EEEEEE;
}
</style></head><body bgcolor=\"#000000\"><center><font size=\"3\" face=\"verdana\" color=\"#ffffff\"><b>ADD GIGS TO YOUR ACCOUNT</b><br><br></font><font size=\"2\" face=\"verdana\" color=\"#ffffff\">Fill out the corresponding as completely as possible, Gig Name and, Gig Time and Date, are required. <br>If you are done adding gigs and want to go back to ACCOUNT INFO page, click the DONE button.<br> If you want to submit this gig and add more gigs click the ADD GIGS button.<br>  All info such as address, city, state, are not required, but recommended, to give your fans<br> complete information when using our driving directions links.</font>
<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">
<table bgcolor=\"#FFFFFF\" cellspacing=\"0\" cellpadding=\"0\" width=\"575\"><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\">* <b>GIG NAME/LOCATION:</b></td><td align=\"left\"><input type=\"text\" size=\"30\" name=\"gigs\" class=\"classa\"></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>GIG ADDRESS:</b></td><td align=\"left\"><input type=\"text\" size=\"30\" name=\"gigaddress\" class=\"classa\"></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>GIG CITY:</b></td><td align=\"left\"><input type=\"text\" size=\"30\" name=\"gigcity\" class=\"classa\"></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>GIG STATE:</b></td><td align=\"left\"><select name=\"gigstate\"><option value=\"\" selected>SELECT A STATE</option><option value=\"AL\">AL-Alabama</option><option value=\"AK\">AK-Alaska</option><option value=\"AZ\">AZ-Arizona</option><option value=\"AR\">AR-Arkansas</option><option value=\"CA\">CA-California</option><option value=\"CO\">CO-Colorado</option><option value=\"CT\">CT-Connecticut</option><option value=\"DE\">DE-Delaware</option><option value=\"FL\">FL-Florida</option><option value=\"GA\">GA-Georgia</option><option value=\"HI\">HI-Hawaii</option><option value=\"ID\">ID-Idaho</option><option value=\"IL\">IL-Illinois</option><option value=\"IN\">IN-Indiana</option><option value=\"IA\">IA-Iowa</option><option value=\"KS\">KS-Kansas</option><option value=\"KY\">KY-Kentucky</option><option value=\"LA\">LA-Louisiana</option><option value=\"ME\">ME-Maine</option><option value=\"MD\">MD-Maryland</option><option value=\"MA\">MA-Massachusetts</option><option value=\"MI\">MI-Michigan</option><option value=\"MN\">MN-Minnesota</option><option value=\"MS\">MS-Mississippi</option><option value=\"MO\">MO-Missouri</option><option value=\"MT\">MT-Montana</option><option value=\"NE\">NE-Nebraska</option><option value=\"NV\">NV-Nevada</option><option 
value=\"NH\">NH-New Hampshire</option><option value=\"NJ\">NJ-New Jersey</option><option value=\"NM\">NM-New Mexico</option><option value=\"NY\">NY-New York</option><option value=\"NC\">NC-North Carolina</option><option value=\"ND\">ND-North Dakota</option><option value=\"OH\">OH-Ohio</option><option value=\"OK\">OK-Oklahoma</option><option value=\"OR\">OR-Oregon</option><option value=\"PA\">PA-Pennsylvania</option><option value=\"RI\">RI-Rhode Island</option><option value=\"SC\">SC-South Carolina</option><option value=\"SD\">SD-South Dakota</option><option value=\"TN\">TN-Tennessee</option><option value=\"TX\">TX-Texas</option><option value=\"UT\">UT-Utah</option><option value=\"VT\">VT-Vermont</option><option value=\"VA\">VA-Virginia</option><option value=\"WA\">WA-Washington</option><option value=\"WV\">WV-West Virginia</option><option value=\"WI\">WI-Wisconsin</option><option value=\"WY\">WY-Wyoming</option><option value=\"DC\">DC-Washington, D.C.</option><option value=\"CN\">CN-Canada</option><option value=\"OC\">OC-Other Countries</option></select></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>GIG ZIPCODE:</b></td><td align=\"left\" valign=\"top\"><input type=\"text\" name=\"gigzip\" size=\"5\" class=\"classa\"></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>* GIG DATE:</b></td><td align=\"left\"><select name=\"gigmonth\"><option value=\"\" selected>SELECT A MONTH</option><option value=\"01\">January</option><option value=\"02\">February</option><option value=\"03\">March</option><option value=\"04\">April</option><option value=\"05\">May</option><option value=\"06\">June</option><option value=\"07\">July</option><option value=\"08\">August</option><option value=\"09\">September</option><option value=\"10\">October</option><option value=\"11\">November</option><option value=\"12\">December</option></select>". 
" "."<select name=\"gigday\"><option value=\"\" selected>SELECT A DAY</option><option value=\"01\">1</option><option value=\"02\">2</option><option value=\"03\">3</option><option value=\"04\">4</option><option value=\"05\">5</option><option value=\"06\">6</option><option value=\"07\">7</option><option value=\"08\">8</option><option value=\"09\">9</option><option value=\"10\">10</option><option value=\"11\">11</option><option value=\"12\">12</option><option value=\"13\">13</option><option value=\"14\">14</option><option value=\"15\">15</option><option value=\"16\">16</option><option value=\"17\">17</option><option value=\"18\">18</option><option value=\"19\">19</option><option value=\"20\">20</option><option value=\"21\">21</option><option value=\"22\">22</option><option value=\"23\">23</option><option value=\"24\">24</option><option value=\"25\">25</option><option value=\"26\">26</option><option value=\"27\">27</option><option value=\"28\">28</option><option value=\"29\">29</option><option value=\"30\">30</option><option value=\"31\">31</option></select>"." 
"."<select name=\"gigyear\"><option value=\"\" selected>YEAR</option><option value=\"2008\">2008</option><option value=\"2009\">2009</option></select></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>* GIG TIME:</b></td><td align=\"left\"><select name=\"gigtime\"><option value=\"\" selected>HOUR</option><option value=\"01\">01</option><option value=\"02\">02</option><option value=\"03\">03</option><option value=\"04\">04</option><option value=\"05\">05</option><option value=\"06\">06</option><option value=\"07\">07</option><option value=\"08\">08</option><option value=\"09\">09</option><option value=\"10\">10</option><option value=\"11\">11</option><option value=\"12\">12</option></select>"."<b> : </b>"."<select name=\"gigminute\"><option value=\"\" selected>MINUTE</option><option value=\"00\">00</option><option value=\"15\">15</option><option value=\"30\">30</option><option value=\"45\">45</option></select>". " "."<select name=\"gigmeridian\"><option value=\"AM\" selected>AM</option><option value=\"PM\" selected>PM</option></select></td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>COVER CHARGE:</b></td><td align=\"left\" valign=\"top\">$"." "."<input type=\"text\" name=\"gigcover\" size=\"5\" class=\"classa\">"." 
".".00</td></tr><tr><td align=\"left\" valign=\"top\"><font size=\"2\" face=\"verdana\"><b>GIG COMMENTS:</b><br></font><font size=\"1\" face=\"verdana\">ie: 4th of July Bash, Outside Party</font></td><td align=\"left\" valign=\"top\"><input type=\"text\" name=\"gigcomment\" size=\"30\" class=\"classa\"></td></tr><tr><td align=\"center\" valign=\"top\"><br><br><font size=\"1\" face=\"verdana\"><input type=\"image\" src=\"images/addgigs.jpg\" name=\"continue\"><br><b>Submit Add Another Gig</b></td><td align=\"center\" valign=\"top\"><font size=\"1\" face=\"verdana\"><br><br><br><input type=\"image\" src=\"images/donebutton.jpg\" name=\"done\"><br><b>Done Adding Gigs</b></td></tr></table></form><br><br><font size=\"2\" face=\"verdana\"><a href=\"member.php?gigs=yes\">Go Back to Account Info Page</a></font></center></body>";
}
}

 

Here is the code that processes the form and if The user presses the done button, which is what I have been testing this with, then it will insert the serialized data into the database and return to the main page:

 

if (isset($_POST['done_x'])){
if ($_POST['gigs'] ==""){
$errorgigempty = true;
}
if ($_POST['gigmeridian'] =="" or $_POST['gigtime'] =="" or $_POST['gigday'] =="" or $_POST['gigminute'] =="" or $_POST['gigmonth'] =="" or $_POST['gigyear'] ==""){
$errorgigempty = true;
}
if ($_POST['gigmonth'] =="04"){
if ($_POST['gigday'] =="31"){
$errortoomany = true;
}
}
if ($_POST['gigmonth'] =="06"){
if ($_POST['gigday'] =="31"){
$errortoomany = true;
}
}
if ($_POST['gigmonth'] =="09"){
if ($_POST['gigday'] =="31"){
$errortoomany = true;
}
}
if ($_POST['gigmonth'] =="11"){
if ($_POST['gigday'] =="31"){
$errortoomany = true;
}
}
if ($_POST['gigmonth'] =="02"){
if ($_POST['gigday'] =="29" or $_POST['gigday'] =="30" or $_POST['gigday'] =="31"){
$errortoomany = true;
}
}
$month = $_POST['gigmonth'];
$date = $_POST['gigday'];
$year = $_POST['gigyear'];
$todaymonth = date('m');
$todaydate = date('d');
$todayyear = date('Y');
if ($month < $todaymonth and $year <= $todayyear){
$errordatepassed = true;
}
if ($month == $todaymonth and $date < $todaydate and $year <= $todayyear){
$errordatepassed = true;
}
if ($errortoomany !==true and $errorgigempty !==true and $errordatepassed !==true){
if (isset($_SESSION['gigcount'])){
$_SESSION['gigcount'] = ($_SESSION['gigcount'] + 1);
} else {
$_SESSION['gigcount'] = 1;
}
$c = $_SESSION['gigcount'];
$_SESSION['gigs'][$c] = $_POST['gigs'];
$_SESSION['gigaddress'][$c] = $_POST['gigaddress'];
$_SESSION['gigcity'][$c] = $_POST['gigcity'];
if ($_POST['gigstate'] =="CN"){
$_SESSION['gigcountry'][$c] = $_POST['gigstate'];
}
if ($_POST['gigstate'] !=="CN" and $_POST['gigstate'] !=="OC"){
$_SESSION['gigcountry'][$c] = "US";
}
if ($_POST['gigstate'] =="OC"){
$_SESSION['gigstate'][$c] ="";
$_SESSION['gigcountry'][$c] ="";
} else {
$_SESSION['gigstate'][$c] = $_POST['gigstate'];
}
$gigtime = $_POST['gigtime']; // default: AM hours 01-11 and 12 PM are already in 24-hour form
if ($_POST['gigmeridian'] =="PM"){
if ($_POST['gigtime'] == "01"){
$gigtime = "13";
} elseif ($_POST['gigtime'] == "02"){
$gigtime = "14";
} elseif ($_POST['gigtime'] == "03"){
$gigtime = "15";
} elseif ($_POST['gigtime'] == "04"){
$gigtime = "16";
} elseif ($_POST['gigtime'] == "05"){
$gigtime = "17";
} elseif ($_POST['gigtime'] == "06"){
$gigtime = "18";
} elseif ($_POST['gigtime'] == "07"){
$gigtime = "19";
} elseif ($_POST['gigtime'] == "08"){
$gigtime = "20";
} elseif ($_POST['gigtime'] == "09"){
$gigtime = "21";
} elseif ($_POST['gigtime'] == "10"){
$gigtime = "22";
} elseif ($_POST['gigtime'] == "11"){
$gigtime = "23";
}
} elseif ($_POST['gigmeridian'] =="AM"){
if ($_POST['gigtime'] == "12"){
$gigtime = "00";
}
}
$_SESSION['gigs'][$c] = $_POST['gigs'];
$_SESSION['gigzip'][$c] = $_POST['gigzip'];
$gigminute = $_POST['gigminute'];
$_SESSION['gigtimedate'][$c] = $year."-".$month."-".$date." ".$gigtime.":".$gigminute.":00";
$_SESSION['gigcover'][$c] = $_POST['gigcover'];
$_SESSION['gigcomment'][$c] = $_POST['gigcomment'];
$gigs = serialize($_SESSION['gigs']);
$gigaddress = serialize($_SESSION['gigaddress']);
$gigcity = serialize($_SESSION['gigcity']);
$gigcountry = serialize($_SESSION['gigcountry']);
$gigstate = serialize($_SESSION['gigstate']);
$gigzip = serialize($_SESSION['gigzip']);
$gigtimedate = serialize($_SESSION['gigtimedate']);
$gigcover = serialize($_SESSION['gigcover']);
$gigcomment = serialize($_SESSION['gigcomment']);
$email = $_SESSION['bandlogin'];
$gigsyes = "yes";
mysql_connect("localhost" , "******" , "******")or die('Database is not responding.');
mysql_select_db("*****") or die('Unable to connect to database');
mysql_query("UPDATE giglists SET gigs = '$gigs', gigaddress = '$gigaddress', gigcity = '$gigcity', gigcountry = '$gigcountry', gigstate= '$gigstate', gigzip = '$gigzip', gigtimedate = '$gigtimedate', gigcover = '$gigcover', gigcomments = '$gigcomment' WHERE gigemail = '$email'")
or die ('Could not reach database' . mysql_error());
mysql_query("UPDATE Userinfo SET gigs = '$gigsyes'  WHERE email = '$email'")
or die ('Could not reach database' . mysql_error());
mysql_close();
unset($_SESSION['gigs']);
unset($_SESSION['gigcity']);
unset($_SESSION['gigcountry']);
unset($_SESSION['gigaddress']);
unset($_SESSION['gigstate']);
unset($_SESSION['gigzip']);
unset($_SESSION['gigtimedate']);
unset($_SESSION['gigcover']);
unset($_SESSION['gigcomment']);
$_SESSION['infochanged'] = true;
header('location:member.php?gigs=yes');
print_r($gigs);
}
}

 

Here is the page that pulls the data from the database:

 

mysql_connect("localhost" , "*******" , "******")
or die('Database is not responding.');
mysql_select_db("********") or die('Unable to connect to database');
$match2 ="SELECT * FROM giglists WHERE gigemail = '$stemail'";
$qry2 = mysql_query($match2)
or die('Could not match data because of database error' . mysql_error());
$num_rows2 = mysql_num_rows($qry2);
while ($row2 = mysql_fetch_array($qry2)){
print_r($row2['gigs']);
if ($row2['gigs'] !==""){
$_SESSION['gigs'] = unserialize($row2['gigs']);
$_SESSION['gigtimedate'] = unserialize($row2['gigtimedate']);
$_SESSION['gigcover'] = unserialize($row2['gigcover']);
$_SESSION['gigcomment'] = unserialize($row2['gigcomments']);
$_SESSION['gigstate'] = unserialize($row2['gigstate']);
$_SESSION['gigcity'] = unserialize($row2['gigcity']);
$_SESSION['gigaddress'] = unserialize($row2['gigaddress']);
$_SESSION['gigcountry'] = unserialize($row2['gigcountry']);
$_SESSION['gigzip'] = unserialize($row2['gigzip']);
}
}
mysql_close();
print_r($_SESSION);
echo"<font size=\"3\" face=\"verdana\" color=\"#ffffff\"><b>GIG LISTING</b><br><br></td></tr><tr>";
if ($_SESSION['gigs'] ==""){
echo"<td align=\"center\" valign=\"top\" bgcolor=\"#000000\" style=\"border:none\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\">";
} else {
echo"<td align=\"left\" valign=\"top\" bgcolor=\"#000000\" style=\"border:none\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\">";
}
if ($_SESSION['gigs'] ==""){
echo"<b>No gigs have been listed yet!</b><br><br><form action=\"addgigs.php\" method=\"post\"><input type=\"image\" src=\"images/submitbutton.jpg\" name=\"postgigs\"><br>ADD GIGS NOW!!!!</form></td></tr></table></table></center></body>";
} else {
$gigcount = @count($_SESSION['gigs']);
$o = 1;
while ($o <= $gigcount){
$gigtime[$o] = @strtotime($_SESSION['gigtimedate'][$o]);
$o++;
}
$d = 1;
while ($d <= $gigcount){
$gigtime2[$d] = @strtotime($_SESSION['gigtimedate'][$d]);
$d++;
}
sort($gigtime);
$t = 0;
$f = 1;
$datecount = @count($_SESSION['gigs']);
while ($f <= $datecount){
$key = @array_search($gigtime[$t], $gigtime2);
if ($key !== false){ // array_search() returns false when nothing matches
$newgigs[$f] = $_SESSION['gigs'][$key];
$newgigaddress[$f] = $_SESSION['gigaddress'][$key];
$newgigcity[$f] = $_SESSION['gigcity'][$key];
$newgigstate[$f] = $_SESSION['gigstate'][$key];
$newgigcity[$f] = $_SESSION['gigcity'][$key];
$newgigcover[$f] = $_SESSION['gigcover'][$key];
$newgigcomment[$f] = $_SESSION['gigcomment'][$key];
$newgigzip[$f] = $_SESSION['gigzip'][$key];
$newgigcountry[$f] = $_SESSION['gigcountry'][$key];
$newgigtimedate[$f] = @strtotime($_SESSION['gigtimedate'][$key]);
$r[$f] = $key;
}
$f++;
$t++;
}
$j = 1;
while ($j <= $gigcount){
echo"<b>Date:</b>"." ".date('F', $newgigtimedate[$j])." / ".date('d', $newgigtimedate[$j])." / ".date('Y', $newgigtimedate[$j])."<br><b>Time:</b> ".date('h', $newgigtimedate[$j]).":".date('i', $newgigtimedate[$j])." ".date('A', $newgigtimedate[$j])."<br>"."<b> Place:</b>"." ".@stripslashes($newgigs[$j])."<br>"."<b>Address:</b> ".@stripslashes($newgigaddress[$j]).","." ".@stripslashes($newgigcity[$j]).",".$newgigstate[$j].", ".@stripslashes($newgigzip[$j])."<br> "."<b>Cover:</b>"." "."$".@stripslashes($newgigcover[$j])." "."<br><br><b>Comments:</b>"." ".@stripslashes($newgigcomment[$j])."<br><br><hr width=\"500\" color=\"#888888\" noshade></td><td align=\"center\" valign=\"middle\" bgcolor=\"#000000\" style=\"border:none\"><form action=\"setsession.php\" method=\"post\"><input type=\"hidden\" name=\"existinggig\" value=\"".$newgigs[$j]."\"><input type=\"hidden\" name=\"order\" value=\"".$r[$j]."\"><input type=\"image\" src=\"images/editbutton.jpg\" name=\"editgigs\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\"><br>Edit This Gig!!!</form></td></tr><br><tr><td align=\"left\" valign=\"top\" bgcolor=\"#000000\" style=\"border:none\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\">";
$j++;
}
echo"<br><br><br><br></td></tr><tr><td align=\"center\" valign=\"top\" bgcolor=\"#000000\" style=\"border:none\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\"><form action=\"setsession.php\" method=\"post\"><input type=\"hidden\" name=\"gignumber\" value=\"".@count($_SESSION['gigs'])."\"><input type=\"hidden\" name=\"addgigs\" value=\"yes\"><input type=\"image\" src=\"images/editbutton.jpg\" name=\"addgigs\"><font size=\"2\" face=\"verdana\" color=\"#ffffff\"><br>Add More Gigs!!!!</form></td></tr><table></table></center></body>";
}
}

Link to comment
Share on other sites

Here is my database structure for table giglists:

 

giglists

Field            Type          Null  Default  Comments
band_name2       varchar(100)  No
gigs             blob          No
gigemail         varchar(100)  No
gigtimedate      blob          No
gigcover         blob          No
webaddress       varchar(100)  No
gigcomments      blob          No
gigstate         blob          No
gigcity          blob          No
gigaddress       blob          No
gigcountry       blob          No
gigzip           blob          No
image_name       varchar(250)  No
headerimagename  varchar(250)  No
idno             varchar(5)    No

Indexes:
Keyname  Type     Cardinality  Field
PRIMARY  PRIMARY  1            gigemail

Space usage:
Type       Usage
Data       384 B
Index      2,048 B
Overhead   336 B
Effective  2,096 B
Total      2,432 B

Row Statistics:
Statements    Value
Format        dynamic
Rows          1
Row length ø  48
Row size ø    2,432 B
Creation      Jan 08, 2009 at 10:32 PM
Last update   Jan 09, 2009 at 04:52 PM

 

 

Link to comment
Share on other sites

I found another topic from this site that seems to pertain to my situation, but even though I try to addslashes, or stripslashes, or mysql_real_escape_string, it still seems to not work.  Can someone, using the code I have provided, put the stripslashes, addslashes, and mysql_real_escape_string into the code to show me how it would be used, so that I know I am doing it right? Here is the link to the topic from this site that is almost exactly the situation I am having. http://www.phpfreaks.com/forums/index.php?topic=125030.0

Link to comment
Share on other sites

I tried the following and it worked, but this is without sending the serialized array to the database.

 

I serialized an array, and then unserialized it, it worked fine.  However when pulling the array from mysql, it doesn't unserialize.  Here is what I did....

 

$gigs = array(1=>"John\'s", 2=>"Joe's");
$gigaddress = "";
$gigcity= "";
$gigstate = "";
$gigcountry = "";
$gigzip = "";
$gigtimedate = "";
$gigcover = "";
$gigcomment = "";
$newgigs = @serialize($gigs);
echo $newgigs;
$trying = @unserialize($newgigs);
echo $trying[1];

 

The above echoed the serialized $newgigs and the result $trying[1] which is John\'s.  If I could get my array to at least do that when it is being pulled from the database that would be awesome, however it pulls the serialized array from the database which would be

 

a:2:{i:1;s:7:"John's";i:2;s:5:"Joe's";} and it doesn't unserialize this array.  Without apostrophes its fine.  There is no need to add or strip slashes since the array is saved in the database without slashes. Is there a known reason why the php will unserialize the array when it's not entered into mysql, but when it is it can't unserialize it?????  Thanks for your help.

Link to comment
Share on other sites

For anyone else that is having this problem, I found a halfway easy solution. I just str_replace the posts I get \' in with &#92 and &#39 and then the database won't know it's an apostrophe or slash. Then, when the php recalls it, it is pulled out like a \' without an error because to the database and php before render they are just code for symbols, not the symbols themselves.  It will take a little work to put the str_replace on all of my user inputs, but it will save me more time in the long run.  Thanks again for all your help.

Link to comment
Share on other sites
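
Added example, not code from any poster in this thread: it reproduces why the stored value stops unserializing (the s:7 length prefix no longer matches once the backslash is gone) and stores the same array through bound parameters instead of manual escaping. It assumes PHP 7 or later with the pdo_sqlite extension; the in-memory SQLite table standing in for giglists, the helper names save_gigs and load_gigs, and the address band@example.test are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All sample values are constructed.

// --- Why the stored row stops unserializing -------------------------------
// With magic_quotes_gpc on, the form value John's reaches the script already
// escaped: 7 bytes (J o h n \ ' s).
$posted = "John\\'s";

// serialize() records the byte length of the value it was given, which is
// where the thread's s:7 prefix comes from.
$serialized = serialize([1 => $posted]);
echo $serialized, "\n";

// Inside a quoted SQL literal, \' is an escape sequence, so MySQL stores a
// bare apostrophe. stripslashes() simulates that step here.
$stored = stripslashes($serialized);
echo $stored, "\n";

// The prefix still claims 7 bytes while the value is now 6 bytes long, so
// the parser runs past the closing quote and gives up.
$broken = @unserialize($stored, ['allowed_classes' => false]);
var_dump($broken);

// --- Storing the same data with bound parameters ---------------------------
function save_gigs(PDO $db, string $email, array $gigs): void
{
    // The serialized text travels as a bound value, never as SQL source,
    // so no byte is added or removed between serialize() and the column.
    $stmt = $db->prepare(
        'UPDATE giglists SET gigs = :gigs WHERE gigemail = :email'
    );
    $stmt->execute([':gigs' => serialize($gigs), ':email' => $email]);
}

function load_gigs(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT gigs FROM giglists WHERE gigemail = :email');
    $stmt->execute([':email' => $email]);
    $raw = $stmt->fetchColumn();
    if ($raw === false || $raw === '') {
        return [];   // no row, or nothing saved yet
    }
    // allowed_classes => false: never instantiate objects from stored data.
    $gigs = unserialize((string) $raw, ['allowed_classes' => false]);
    if (!is_array($gigs)) {
        throw new RuntimeException('gigs column holds corrupt serialized data');
    }
    return $gigs;
}

// Assumption: in-memory SQLite stands in for the MySQL giglists table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE giglists (gigemail TEXT PRIMARY KEY, gigs BLOB)');
$db->exec("INSERT INTO giglists (gigemail, gigs) VALUES ('band@example.test', '')");

// Raw, unescaped values: what the form delivers when magic quotes are off.
save_gigs($db, 'band@example.test', [1 => "John's", 2 => "Joe's"]);
print_r(load_gigs($db, 'band@example.test'));
```

The same prepared statements work against MySQL through PDO's mysql driver; what desynchronises the length prefix is escaping the values before serialize() rather than leaving quoting to the database layer.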
