radalin Posted August 7, 2006

Hi,

I'm using PHP 5, Apache 2, PostgreSQL 8.1 as the database, and PEAR's MDB2 package. I'm using the escape method of MDB2. But the interesting thing is that the silencer "\" character appears more than required. I mean, if I write " your's " it becomes " your\\''s " and it's entered into the db as " your\'s ". If I do not use the escape method, everything is fine! Yes, really fine! I get the data from a form via the POST method. When I try to echo the data coming from POST, it's " your\'s ". The single quote is already disabled. Well, I'm curious why this is happening!! I do not think it's really possible, so I'm probably missing something somewhere. I cannot post my code, sadly, because it's not ordered and it requires many functions. But the thing is, even if I echo the data coming from the POST, the single quote is already disabled! I'm very curious why this happens. Maybe this is because of something I don't know yet.

Thank you for your time.

Orio Posted August 7, 2006

That's probably because you've got magic_quotes on in your php.ini.

Run this:

echo get_magic_quotes_gpc();

If it returns TRUE or 1, that means strings get automatically escaped.

If you want to escape strings for your database, use this function:

[code]
<?php
// Escape a request value for use in an SQL string.
function sql_quote($value)
{
    // Undo the slashes magic_quotes_gpc already added.
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Use the MySQL escaper when it exists, otherwise fall back to addslashes().
    if (function_exists("mysql_real_escape_string")) {
        $value = mysql_real_escape_string($value);
    } else {
        $value = addslashes($value);
    }
    return $value;
}
?>
[/code]

Orio.

radalin Posted August 7, 2006 (Author)

Hmmm, yeah, you were right, it was enabled.

But I'm using PostgreSQL. Should I use mysql_real_escape_string or its PostgreSQL equivalent?

Orio Posted August 7, 2006

I have no idea...

But I think it'll be OK to use on any SQL string.

From php.net:

[quote]mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.[/quote]

Orio.

Daniel0 Posted August 7, 2006

You would use [url=http://php.net/pg_escape_string]pg_escape_string[/url] instead.

radalin Posted August 7, 2006 (Author)

Thanks for the info.

MDB2's escape method was using that function. When I disabled magic_quotes, everything is OK now.
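
The escaping chain discussed in this thread, traced as an added example that is not part of any post. It runs without a database: `pg_style_escape()` and `pg_style_parse()` are hypothetical stand-ins that model the quoting shown in the first post and PostgreSQL 8.1-era literal parsing with backslash escapes enabled, and magic_quotes_gpc is simulated with `addslashes()`.

```php
<?php
// Added illustration, not code from the thread. magic_quotes_gpc no longer
// exists in current PHP, so it is simulated with addslashes(), which is what
// the setting applied to every GET/POST/COOKIE value.

// Hypothetical stand-in for the escaping MDB2 performed: doubles backslashes
// and single quotes, matching the output quoted in the first post.
function pg_style_escape($s)
{
    return strtr($s, array('\\' => '\\\\', "'" => "''"));
}

// Hypothetical model of how a PostgreSQL 8.1-era server reads a quoted
// literal when backslash escapes are enabled: \\ -> \, \' -> ', '' -> '.
function pg_style_parse($literal)
{
    return strtr($literal, array('\\\\' => '\\', "\\'" => "'", "''" => "'"));
}

// Follow one form value from the browser to the stored column.
function trace_value($typed, $magicQuotes, $stripFirst, $escapeForSql)
{
    $post = $magicQuotes ? addslashes($typed) : $typed;
    // Orio's fix: undo the magic_quotes layer before escaping for SQL.
    $value = ($magicQuotes && $stripFirst) ? stripslashes($post) : $post;
    $literal = $escapeForSql ? pg_style_escape($value) : $value;
    return array(
        'post'    => $post,
        'literal' => $literal,
        'stored'  => pg_style_parse($literal),
    );
}

$typed = "your's"; // constructed sample, the string from the first post
$cases = array(
    'magic_quotes on + escape (the reported bug)' => array(true, false, true),
    'magic_quotes on, no escape (stored value looks right)' => array(true, false, false),
    'magic_quotes on, stripslashes, then escape' => array(true, true, true),
    'magic_quotes off + escape (final setup)' => array(false, false, true),
);
foreach ($cases as $label => $c) {
    $r = trace_value($typed, $c[0], $c[1], $c[2]);
    printf("%-55s POST=%-8s SQL='%s' stored=%s\n",
        $label, $r['post'], $r['literal'], $r['stored']);
}
```

In the second case the value is stored intact only because the modelled server accepts `\'` as a quote; no database-specific escaping was applied to it.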