
Retrieve record from database problem


robert_gsfame


I have used mysql_real_escape_string() and I have this \"\"james inside my database

 

$sql = mysql_query("SELECT * FROM table");
$array = mysql_fetch_array($sql);
$name = stripslashes($array['name']);

$query = sprintf("SELECT * FROM table1 WHERE name='%s'", mysql_real_escape_string($name));
$result = mysql_query($query);

 

In order to get another record from table1 using a record from table, should I stripslashes first or not?

 

I am really confused with this... hope anyone could help.

https://forums.phpfreaks.com/topic/189717-retrieve-record-from-database-problem/

If your data is escaped properly, the escape characters \ DO NOT appear in the database. They are only present in the query string so that the special sql characters that are part of the data don't break the sql syntax.

If your data is escaped only ONCE, the \ do not appear in the database.

 

You do need to use mysql_real_escape_string on all string data put into a query.

 

If magic_quotes_gpc is ON, you must either turn it off or you must use stripslashes() on any external (get, post, cookie) data, then use mysql_real_escape_string on it.

if(get_magic_quotes_gpc()){
    $var = stripslashes($var);
}
$var = mysql_real_escape_string($var);

If you unconditionally use stripslashes(), that will prevent you from ever having an actual \ as part of the data on systems where magic_quotes_gpc is turned off (or under php6 where magic_quotes_gpc has finally been removed). I posted code using an if(){} statement for a reason.
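The following is an added example, not code from this thread or from either poster. It models what the MySQL server keeps for a quoted string literal so the "escape once" rule and the magic_quotes_gpc guard can be checked on the command line without a database. mysql_real_escape_string() needs a live connection, so addslashes() stands in for it, and stripslashes() stands in for the server removing the escapes when it parses the literal; both are approximations (the real functions also handle NUL, newline and charset details), and the sample input is constructed.

```php
<?php
// Added example: a connection-free model of single vs double escaping.
// addslashes() approximates mysql_real_escape_string(); stripslashes()
// approximates what the server stores after parsing a quoted literal.

// What the server keeps after parsing a quoted literal: escapes are removed.
function stored_value(string $literal): string {
    return stripslashes($literal);
}

// Escape once, exactly as the reply above says every string must be.
function escape_once(string $raw): string {
    return addslashes($raw);
}

// The reply's guard: strip only the slashes magic_quotes_gpc itself added,
// then escape once. $magic_quotes_on models get_magic_quotes_gpc().
function prepare_input(string $value, bool $magic_quotes_on): string {
    if ($magic_quotes_on) {
        $value = stripslashes($value);
    }
    return escape_once($value);
}

// Reusing a value read back from the table in a second query (the original
// question): do NOT stripslashes() it, just escape it once again.
function reuse_in_query(string $value_from_db): string {
    return sprintf("SELECT * FROM table1 WHERE name='%s'", escape_once($value_from_db));
}

$raw = '"james" O\'Brien';          // constructed sample: quotes and an apostrophe

// Case 1: escaped once, the stored value equals the input, no backslashes.
$once = escape_once($raw);
printf("literal: %s\nstored : %s\n\n", $once, stored_value($once));

// Case 2: magic_quotes_gpc ON already added slashes, then the code escapes
// again. The stored value now carries stray backslashes, the \"\"james symptom.
$from_post = addslashes($raw);      // what $_POST holds with magic_quotes_gpc on
$twice = escape_once($from_post);
printf("literal: %s\nstored : %s   <-- double escaped\n\n", $twice, stored_value($twice));

// Case 3: guarded version, the stored value is correct again.
$fixed = prepare_input($from_post, true);
printf("literal: %s\nstored : %s\n\n", $fixed, stored_value($fixed));

// Case 4: take the correctly stored value and build the second query from it.
echo reuse_in_query(stored_value($fixed)), "\n";
```

Run it with `php example.php`; case 2 is the only one whose stored value contains backslashes, which is the situation the original post describes, and case 4 shows that a value read back from the table only needs to be escaped once more before it goes into another query.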

Okay, so I have to use get_magic_quotes_gpc(); it will look like this:

$value = $_POST['value'];
if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
}
$query = sprintf("INSERT INTO table VALUES('%s')", mysql_real_escape_string($value));
mysql_query($query);

 

Is this correct? Do I have to check whether get_magic_quotes_gpc() is off on every string before using it in a query?

 

