Wayniac Posted February 19, 2010 Share Posted February 19, 2010 Hello everyone, This is an interesting issue and after a few OMGs and HOLY beeps I figured out why my code stopped working. First I wanted to get rid of my nasty "\" backslash from popping up every time I made an entry with a apostrophe, it would create a backslash before it. So I went into my "php.ini" and typed in "magic_quotes_gpc=off". Yay solution solved, and now backslashes were no more. Now the lovely code I am going to post before you is what stopped working. Its suppose to do a search using the words I typed in and filter out only what matches, pretty standard. Except, what use to work beautifully, has now just stopped and nothing happens when I hit the submit. Here is the code below: <? //This is only displayed if they have submitted the form if ($searching2 =="yes") { echo "<h2>Results</h2><p>"; //If they did not enter a search term we give them an error if ($find2 == "") { echo "<p>You forgot to enter a search term"; exit; } // We preform a bit of filtering $find2 = strtoupper($find2); $find2 = strip_tags($find2); $find2 = trim ($find2); //Now we search for our search term, in the field the user specified $data = mysql_query("SELECT * FROM album WHERE upper($field) LIKE'%$find2%'"); //And we display the results while($myrow = mysql_fetch_array( $data )) { echo "<img src=\"get_image.php?image={$myrow['albumid']}\" width=\"50\" height=\"50\" border=\"1\" align=\"right\">"; echo ("<span class=\"TextoBaseLarge\">" . $myrow['title'] . "</span>"); echo "<b><br>Posted: </b><i>"; echo $myrow['dtime']; echo "</i><b><br>Year: </b>"; echo $myrow['year']; echo "</i> year(s)"; echo "</i><b><br>Month: </b>"; echo $myrow['month']; echo "</i> month(s)"; echo "</i><b><br>State / Province: </b>"; echo $myrow['state']; // Now print the options to (Read,Edit & Delete the entry) echo "<br><a href=\"read_more.php?albumid=$myrow[albumid]\">Read Entry </a><br><br>"; echo "<hr align=left width=280 color=\"#4e592f\">"; } //This counts the number or results - and if there wasn't any it gives them a little message explaining that $anymatches=mysql_num_rows($data); if ($anymatches == 0) { echo "Sorry, but we can not find an entry to match your query<br><br>"; } //And we remind them what they searched for echo "<b>Searched For:</b> " .$find2; } ?> Hopefully someone has encountered this problem and I can simply bonk myself on the head for an easy fix. Thank you Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/ Share on other sites More sharing options...
SchweppesAle Posted February 19, 2010 Share Posted February 19, 2010 pretty sure they're phasing magic quotes out in php6(don't quote me). Use mysql_real_escape_string() instead when inserting data. http://php.net/manual/en/function.mysql-real-escape-string.php You can remove slashes later by using stripslashes(); http://php.net/manual/en/function.stripslashes.php Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014894 Share on other sites More sharing options...
PFMaBiSmAd Posted February 19, 2010 Share Posted February 19, 2010 If your data is escaped properly (only once) the actual slash \ character is NOT inserted into the database table and there is no need to remove slashes later. Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014903 Share on other sites More sharing options...
Wayniac Posted February 19, 2010 Author Share Posted February 19, 2010 Thank you both for your quick and informative replies. I have here what is going to be outputted, along with an example code. Not sure how to implement it, am I in the right direction? My code: $testimonial = mysql_real_escape_string($_POST['testimonial']); Example code: echo stripslashes($_POST['testimonial']); Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014919 Share on other sites More sharing options...
Wayniac Posted February 19, 2010 Author Share Posted February 19, 2010 Thank you so much, its working now! I changed: $testimonial = mysql_real_escape_string($_POST['testimonial']); To: $testimonial = stripslashes($_POST['testimonial']); Should I be concerned that I am not using "mysql_real_escape_string"? All I know about this is that its currently the newest way to pass it in the versions today. Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014928 Share on other sites More sharing options...
PFMaBiSmAd Posted February 19, 2010 Share Posted February 19, 2010 mysql_real_escape_string() requires a connection to the database server because it uses takes into account the current character set of your database. Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014938 Share on other sites More sharing options...
Wayniac Posted February 19, 2010 Author Share Posted February 19, 2010 So I am okay to use the $testimonial = stripslashes($_POST['testimonial']); in replace of the "mysql_real_escape_string" since its working fine, its not going to cause me any harm down the road. Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014944 Share on other sites More sharing options...
SchweppesAle Posted February 19, 2010 Share Posted February 19, 2010 So I am okay to use the $testimonial = stripslashes($_POST['testimonial']); in replace of the "mysql_real_escape_string" since its working fine, its not going to cause me any harm down the road. yes, that's fine. Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014961 Share on other sites More sharing options...
Wayniac Posted February 19, 2010 Author Share Posted February 19, 2010 Sweet thank you, I also got some help from Stephen and he suggested to use this which works brilliantly. $testimonial = mysql_real_escape_string(stripslashes($_POST['testimonial'])); Thank you everyone, you helped me HUGE! Link to comment https://forums.phpfreaks.com/topic/192643-turning-magic-quotes-off-broke-my-code/#findComment-1014963 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.