Archived

This topic is now archived and is closed to further replies.

Mr Chris

stripslashes & addslashes

Hi Guys,

Have a question about the above.

I have built a News Story CMS page. On this page I have 2 fields I fill in which I use to match [b]related terms[/b].  So for example I enter one story with the headline:

[b]Man Eats Dog[/b]

Into MySQL database as a record.

Then I go on to enter another story in the database called [b]Dog eats man[/b], and this time I enter in my [b]related terms[/b] for this story the term [b]Dog[/b]

This then searches the headline field for the word dog and the body_text field in the whole table for the word dog (hope you are with me so far  ::)).  Now I do this using this code:

[code=php:0]
<?php
// $term_one and $term_two go into the query unescaped, so a term containing
// an apostrophe (e.g. dog's) ends the quoted string early.
$query = "SELECT DISTINCT story_id, headline FROM cms_stories
WHERE (headline LIKE '%$term_one%' OR headline LIKE '%$term_two%' OR body_text LIKE '%$term_one%' OR body_text LIKE '%$term_two%')
AND story_id != $story_id";

// Run the query once; stop with the MySQL error message on failure
$result = mysql_query($query) OR die(mysql_error());

if (mysql_num_rows($result) == 0) {
    echo "<DIV ALIGN=\"CENTER\">Sorry, there are no related stories</div>";
} else {
    // One link per related story
    while ($row = mysql_fetch_assoc($result)) {
        echo " - <a href='story.php?story_id={$row['story_id']}'>
        {$row['headline']}</a><p></p>";
    }
}
?>
[/code]

Now on my live site in my related story box I now have a link from [b]Dog Eats Man[/b] to [b]Man eats dog[/b] as the term [b]dog[/b] has been entered as a related term. Fine...

...But

If I was to enter the related term as something like [b]dog's[/b] - i.e. with an apostrophe - my live site throws up a SQL error as it does not like the '

So my question is how do I enter the data. Do I enter the data so that I addslashes - and does this have an effect on searching the headline and body_text field as these fields do not hold slashed data? Or can I just add stripslashes on my live site which will cause the mysql syntax error to not be apparent anymore?

Hope you get what I mean and can help!

Thanks

Chris

Use the function [url=http://www.php.net/mysql_real_escape_string]mysql_real_escape_string()[/url].

Read about it, and pay attention to the examples and notes.

Orio.
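
The related-terms lookup from the question, as an added example that is not code from either poster: it uses PDO bound parameters rather than the mysql_real_escape_string() call recommended above, with in-memory SQLite and constructed rows so it runs without a MySQL server. The helpers like_pattern() and related_stories() and the '!' escape character are assumptions of this example; it also goes one step past the apostrophe case by escaping LIKE wildcards and skipping empty terms.

```php
<?php
// Added example, not from the thread. SQLite in memory stands in for MySQL;
// the rows are constructed sample data using the question's table layout.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cms_stories (story_id INTEGER PRIMARY KEY, headline TEXT, body_text TEXT)');
$insert = $db->prepare('INSERT INTO cms_stories (headline, body_text) VALUES (?, ?)');
$insert->execute(['Man Eats Dog', "The dog's owner was not amused."]); // stored unslashed
$insert->execute(['Dog eats man', 'A role reversal.']);
$insert->execute(['Weather', '100% chance of rain.']);

// Hypothetical helper: make LIKE treat % and _ inside a term as literal
// characters, using '!' as the escape character named in the query below.
function like_pattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Hypothetical helper: stories whose headline or body contains any term,
// excluding the current story. Terms travel as bound values, never as SQL text.
function related_stories(PDO $db, array $terms, int $story_id): array
{
    $clauses = [];
    $params = [];
    foreach (array_filter($terms, 'strlen') as $term) { // an empty term would match every row
        $clauses[] = "(headline LIKE ? ESCAPE '!' OR body_text LIKE ? ESCAPE '!')";
        array_push($params, like_pattern($term), like_pattern($term));
    }
    if (!$clauses) {
        return [];
    }
    $params[] = $story_id;
    $stmt = $db->prepare('SELECT DISTINCT story_id, headline FROM cms_stories WHERE ('
        . implode(' OR ', $clauses) . ') AND story_id != ?');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// First search: the apostrophe term from the question, for story 2.
// Second search: a bare % is matched literally, not as a wildcard.
foreach ([["dog's", ''], ['%', '']] as $terms) {
    foreach (related_stories($db, $terms, 2) as $row) {
        // Headlines are HTML-escaped on output, separately from SQL handling.
        printf("- <a href='story.php?story_id=%d'>%s</a>\n",
            $row['story_id'], htmlspecialchars($row['headline'], ENT_QUOTES));
    }
}
```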
