cherni99 Posted June 20, 2007

Hi there, I have been trying to store a snippet of PHP code in a table and failing! I have tried every technique suggested before posting this and I feel completely deflated. A great idea for what I need to do with it but now it has been a complete waste of time. Any help would be much appreciated!

Here is just a very small piece of the code I am trying to store...

    require("../includes/cn.php");$title = mysql_escape_string($HTTP_POST_VARS['title']);$first_name = mysql_escape_string($HTTP_POST_VARS['first_name']);$middle_name = mysql_escape_string($HTTP_POST_VARS['middle_name']);$surname = mysql_escape_string($HTTP_POST_VARS['surname']);

It is in one continuous line so it is easier to manage when inserting but any method I have used has been unsuccessful. One of the errors is below...

    Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING'

to name but one. I have used htmlentities, mysql_escape_string, str_replace, htmlspecialchars and stripslashes all in different sequences but none work. It seems to fail when a double quote and single quote are in the same string....

Again, any help would be appreciated. Thanks!!

epic_era Posted June 20, 2007

you can store just about anything in a string but you have to put \ before any special character, something like:

    $string="mysql_escape_string(\$HTTP_POST_VARS[\'title\'])";

this may seem odd but it escapes any type of character and stores it as string.... not sure if this is what you need but hope it'll help

cherni99 (Author) Posted June 20, 2007

Hi there epic_era, thanks for replying! Ah..I didn't realise that $ needed to be escaped!! OK - this is starting to make more sense. So I have to do a mysql_escape_string on the string then insert. Regardless if mysql_escape_string is in the string already. Again, thanks a mil for your time!!

cherni99 (Author) Posted June 20, 2007

hey epic_era, sorry about this but I tried your suggestion

    $string1 = mysql_escape_string("$title = mysql_escape_string($HTTP_POST_VARS['title']);");
    echo $string1;

and I am getting this error...

    Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING'

Am I missing something obvious here??? Thanks!!

trq Posted June 20, 2007

    $string1 = mysql_escape_string("\$title = mysql_escape_string(\$HTTP_POST_VARS['title']);");

PS: $HTTP_POST_VARS has long been deprecated in favour of $_POST.

cherni99 (Author) Posted June 20, 2007

Thanks for that. That worked fine but I need to dynamically place the \ before the $. I have tried str_replace and I have received the same error as below...

    Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING'

code used...

    $string1 = str_replace("$","\$","$title = mysql_escape_string($HTTP_POST_VARS['title']);");
    $string2 = mysql_escape_string($string1);
    echo $string2;

Any more ideas?

P.S. With regard to $HTTP_POST_VARS I do know that but I am working with code I did not develop

trq Posted June 20, 2007

Easier to use single quotes then. eg;

    $string1 = mysql_escape_string('$title = mysql_escape_string($HTTP_POST_VARS[\'title\']);');

This way you don't have to worry about escaping special chars at all (excepting single quotes obviously).

cherni99 (Author) Posted June 20, 2007

hi thorpe, thanks for replying. Maybe I am not explaining myself too good. I have a string that will contain $, ', " and pretty much anything else. I will need to escape all these characters before the insert. Now what will or can I encapsulate the string in so I can escape these or what order can I start the str_replace or equivalent function to stop getting errors when performing escaping the special characters.

This is a typical string I will be working with...

    require("../includes/cn.php");$name = mysql_escape_string($HTTP_POST_VARS['name']);$contact_name = mysql_escape_string($HTTP_POST_VARS['contact_name']);

As you can see this string contains the characters mentioned above. If I contain it in a ' or a " then it's gonna cause an error. Just a thought, will I have to treat each line separately i.e. require("../includes/cn.php"); and escape it...then do the next line etc.???

Thanks!!

trq Posted June 21, 2007

I know what you're trying to do, but, the whole problem is you're generating php errors, not mysql ones. mysql_real_escape_string will suffice for escaping ' and " as required by mysql, however, for you to be able to form these strings in valid php you'll also need to manually escape these chars. eg;

If your entire string is enclosed in double quotes, you will need to escape double quotes and $.

If your entire string is enclosed in single quotes, you will need to escape single quotes and $.

corbin Posted June 21, 2007

Ummm I don't use single quotes often so I'm most likely wrong, but strings in single quotes aren't scanned for variables are they? Like:

    $hi = "hi";
    $str = '$hi';
    echo $str;

That would echo "$hi" wouldn't it?

trq Posted June 21, 2007

Yeah... sorry, you don't need to escape the $ char if within single quotes.

cherni99 (Author) Posted June 21, 2007

OK - thanks guys - I'll keep working on it and try and get a system that works. Thanks again!!

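The two layers discussed in this thread (quoting a literal in PHP source versus escaping a value for SQL) kept apart in a round trip, as an added example that is not part of the original thread. It assumes PHP 5.3 or later with the pdo_sqlite extension, and the `snippets` table, its columns and the function names are hypothetical; a bound parameter stands in for the manual mysql_escape_string call.

```php
<?php
// Added example, not code from the thread. Assumes PHP 5.3+ with pdo_sqlite.
// The table `snippets` and the helper names below are hypothetical.

// Layer 1: PHP source quoting. A nowdoc (<<<'PHP') takes every character
// literally, so $, ' and " need no backslashes. This layer only exists for
// literals typed into a script: a string that arrives at runtime (form
// field, file contents) is never parsed as PHP source.
$snippet = <<<'PHP'
require("../includes/cn.php");$title = mysql_escape_string($HTTP_POST_VARS['title']);
PHP;

// Layer 2: SQL quoting. The value is bound as a parameter, so it is sent
// as data and never spliced into the SQL text; no escaping function runs.
function store_snippet(PDO $db, $name, $code)
{
    $stmt = $db->prepare('INSERT INTO snippets (name, code) VALUES (:name, :code)');
    $stmt->execute(array(':name' => $name, ':code' => $code));
    return (int) $db->lastInsertId();
}

function load_snippet(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT code FROM snippets WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    $code = $stmt->fetchColumn();
    return $code === false ? null : $code;
}

// In-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE snippets (id INTEGER PRIMARY KEY, name TEXT, code TEXT)');

$id     = store_snippet($db, 'form-handler', $snippet);
$stored = load_snippet($db, $id);

// The stored text is compared byte for byte with what went in.
var_dump($stored === $snippet);
echo $stored, "\n";
```

The stored value is text only; reading it back returns the same characters and does not execute them.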