Jump to content

Recommended Posts

I have following string data in mysql.

 

Field Name  = data

Value $text_in_db  = "Mark\'s Shop";

$text_to_search  = "Mark's Shop";

 

I need to check whether this record exists in database or not. I did,

 

$sql = "SELECT * FROM user where data = '".$text_to_search."' " ;

 

I also tried below query

$sql = "SELECT * FROM user where data = '".stripslashes($text_to_search)."' " ;

 

But it neither work first query (Giving Syntax Error) or second query (Not giving error but not returning that record).

 

So how do I get result from the DB.

 

In php_ini settings.

magic_quotes_gpc = On

 

Thanks in advance.

Link to comment
https://forums.phpfreaks.com/topic/172173-solved-stripslashes-in-mysql-issue/
Share on other sites

if the value itself in the database has a backslash before the single quote, it means it was inserted with two sets of escaping slashes - and the slash is technically a real character. to search against the database and grab that value, you'll want to run addslashes() against the value (since magic_quotes has already applied the first set of escaping slashes).

Edit: Similar/same to above ^^^

 

If you see the \ characters when you look directly in your database, that means that your data was double escaped and attempting to search for something would also require that you double escape what you are putting into $text_to_search.

 

It is best to fix your code so that the data is escaped properly (the \ characters are only in the query, not in the actual database.) You can then search for something and it will work as expected by escaping what is in $text_to_search only once.

 

 

Thnx for replies.

 

I was in impression that if we use addslashes it will add extra "\" for quote.

i.e.

 

$text = "O' Really";

$text = addslashes("O' Really"); will become "O\' Really". Is it correct?

 

Now if we have already O\' Really in DB then why we need to add second time addslashes?

If we need to use addslashes then what is use of stripslashes?

 

BTW: mikesta707: Your option was not work either.

 

Thanks,

Thnx for replies.

 

I was in impression that if we use addslashes it will add extra "\" for quote.

i.e.

 

$text = "O' Really";

$text = addslashes("O' Really"); will become "O\' Really". Is it correct?

 

that's correct. except when magic_quotes_gpc() is on, this has already been done to your data. you are obviously doing it a second time when you run addslashes() on your data prior to inserting it, and so all those backslashes end up being double-escaped:

 

// say O'Reilly was submitted via the form
echo $_POST['data']; // echoes "O\'Reilly"
echo addslashes($_POST['data']); // echoes "O\\\'Reilly"

 

you seem to be inserting the second one into your database, and so actual backslashes (rather than simply escaping ones) are being inserted. to correctly match the string to the database, you will need to run addslashes() twice.

 

as pfmabismad says, the ideal solution is to fix the code that inserts the data in the first place so that only one set of escaping slashes has been added.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.