stripslashes & addslashes



#1 Mr Chris


Posted 09 October 2006 - 11:37 AM

Hi Guys,

Have a question about the above.

I have built a News Story CMS page. On this page I have 2 fields I fill in which I use to match related terms. So for example I enter one story with the headline:

Man Eats Dog

Into MySQL database as a record.

Then I go on to enter another story in the database called Dog eats man, and this time I enter in my related terms for this story the term Dog.

This then searches the headline field for the word dog and the body_text field in the whole table for the word dog (hope you are with me so far). Now I do this using this code:

<?php
// Related-stories lookup. $term_one and $term_two go into the SQL text
// unescaped, so a term containing an apostrophe ends the quoted string early.
$query = "SELECT DISTINCT story_id, headline FROM cms_stories 
WHERE (headline LIKE '%$term_one%' OR headline LIKE '%$term_two%' OR body_text LIKE '%$term_one%' OR body_text LIKE '%$term_two%') 
AND story_id != $story_id";

// Run the query; stop and print the MySQL error if it fails.
$result = mysql_query($query) OR die(mysql_error());

if (mysql_num_rows($result) == 0) {
    echo "<DIV ALIGN=\"CENTER\">Sorry, there are no related stories</div>";
} else {
    // One link per related story; array keys are quoted so PHP does not
    // treat them as undefined constants.
    while ($row = mysql_fetch_assoc($result)) {
        echo " - <a href='story.php?story_id={$row['story_id']}'>
        {$row['headline']}</a><p></p>";
    }
}

?>

Now on my live site in my related story box I now have a link from Dog Eats Man to Man eats dog as the term dog has been entered as a related term. Fine...

...But

If I was to enter the related term as something like dog's - ie with an apostrophe - my live site throws up a SQL error as it does not like the '

So my question is how do I enter the data. Do I enter the data so that I addslashes - and does this have an effect on searching the headline and body_text field as these fields do not hold slashed data? Or can I just add stripslashes on my live site which will cause the mysql syntax error to not be apparent anymore?

Hope you get what I mean and can help!

Thanks

Chris


#2 Orio


Posted 09 October 2006 - 12:58 PM

Use the function mysql_real_escape_string().

Read about it, and pay attention to the examples and notes.

Orio.
Think you're smarty?

(Gone until 20 to November)
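
An added example, not code from either poster: the related-stories query from the first post with the terms passed as bound parameters, so an apostrophe in a term never becomes part of the SQL text and nothing is stored or searched with slashes. It uses PDO prepared statements rather than the mysql_real_escape_string() call recommended above, because the mysql_* extension was removed in PHP 7. The in-memory SQLite table, the sample rows and the helper names like_pattern() and related_stories() are assumptions made for the example.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL cms_stories table
// (an assumption, so the script runs offline); for MySQL only the DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_stories
           (story_id INTEGER PRIMARY KEY, headline TEXT, body_text TEXT)');

// Constructed sample rows. Bound values are stored exactly as typed, no slashes.
$insert = $db->prepare('INSERT INTO cms_stories (headline, body_text) VALUES (?, ?)');
$insert->execute(['Man Eats Dog', 'A man ate a dog.']);
$insert->execute(['Dog Eats Man', "The dog's revenge."]);
$insert->execute(["Dog's Dinner", 'Nothing about men here.']);

// Hypothetical helper: wrap a term in % wildcards, escaping any %, _ or !
// the editor typed so they match literally (paired with ESCAPE '!' below).
function like_pattern(string $term): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
}

// Hypothetical helper: the page's related-stories query with bound parameters.
function related_stories(PDO $db, int $story_id, array $terms): array
{
    $where = [];
    $params = [];
    foreach ($terms as $term) {
        if (trim($term) === '') {
            continue; // an empty term would become '%%' and match every story
        }
        $where[] = "headline LIKE ? ESCAPE '!' OR body_text LIKE ? ESCAPE '!'";
        array_push($params, like_pattern($term), like_pattern($term));
    }
    if (!$where) {
        return [];
    }
    $stmt = $db->prepare('SELECT DISTINCT story_id, headline FROM cms_stories WHERE ('
        . implode(' OR ', $where) . ') AND story_id != ?');
    $params[] = $story_id;
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (related_stories($db, 1, ["dog's", '']) as $row) {
    printf("- <a href='story.php?story_id=%d'>%s</a>\n",
        $row['story_id'], htmlspecialchars($row['headline'], ENT_QUOTES));
}
```

The headline is passed through htmlspecialchars() on output because stored text that is safe inside a query is not automatically safe inside HTML.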



