[SOLVED] ' and " interfering with mysql_query


Hi there,

I've run into a problem. I'm trying to get any given article from a database and insert it into a different table. Everything works, except for the article content, as it often contains characters that interfere with the query (namely " and ').

How can I resolve this? Is there a way I can convert the ' and " so they don't interfere with the query? I'm pretty stuck here.

Thanks in advance!


Sure.

if ($_COOKIE['member_id'] == $showarticle['authorid'])
{
    $getinfo = mysql_query('SELECT * FROM vg_articles WHERE id = '.$_GET['delete']);

    while($useinfo = mysql_fetch_array($getinfo))
    {
        mysql_query('INSERT INTO vg_articles_deleted (timestamp, deletedby, articleid, sid, tid, title, content, album, thumbnail, type, author, authorid, last_edited, category, game, game_name, saved, news, event, preview, link, views, views_today, views_week, views_month, autobr, level, priority, validation, flag_status, flag_notes, image) VALUES ("'.$useinfo['timestamp'].'", "'.$_COOKIE['member_id'].'", "'.$useinfo['id'].'", "'.$useinfo['sid'].'", "'.$useinfo['tid'].'", "'.$useinfo['title'].'", "'.$useinfo['content'].'", "'.$useinfo['album'].'", "'.$useinfo['thumbnail'].'", "'.$useinfo['type'].'", "'.$useinfo['author'].'", "'.$useinfo['authorid'].'", "'.$useinfo['last_edited'].'", "'.$useinfo['category'].'", "'.$useinfo['game'].'", "'.$useinfo['game_name'].'", "'.$useinfo['saved'].'", "'.$useinfo['news'].'", "'.$useinfo['event'].'", "'.$useinfo['preview'].'", "'.$useinfo['link'].'", "'.$useinfo['views'].'", "'.$useinfo['views_today'].'", "'.$useinfo['views_week'].'", "'.$useinfo['views_month'].'", "'.$useinfo['autobr'].'", "'.$useinfo['level'].'", "'.$useinfo['priority'].'", "'.$useinfo['validation'].'", "'.$useinfo['flag_status'].'", "'.$useinfo['flag_notes'].'", "'.$useinfo['image'].'")');

        mysql_query('DELETE FROM vg_articles WHERE id = '.$_GET['delete']);
    }

    echo('The article has been deleted.');

    include("includes/footer.php");

    die();
}

The "content" often (but not always) contains ' and " characters, such as:

"The sky is blue," said anonymous.

The code works, providing the article contains no ' or "s - which is the problem, as that's a rare occasion.

Thanks in advance!

this line:

<?php
$getinfo = mysql_query('SELECT * FROM vg_articles WHERE id = '.$_GET['delete']);

change it to this:

<?php
$getinfo = mysql_query("SELECT * FROM vg_articles WHERE id =" . $_GET['delete'] . "");

and this line:

<?php
mysql_query('DELETE FROM vg_articles WHERE id = '.$_GET['delete']);

change it to this:

<?php
mysql_query("DELETE FROM vg_articles WHERE id =" . $_GET['delete'] . "");

I believe you could use the substr() function to replace all ' and " with a blank space or whatever you want.

Regards ACE

 

First off, making the changes recommended by MasterACE won't accomplish anything.

Second, check the MySQL documentation for INSERT ... SELECT.

http://dev.mysql.com/doc/refman/5.0/en/insert-select.html

You can directly insert from one table into another if you build your query correctly. Let us know if you get stuck from there.

Heh, sorry. But you can prove to yourself they're the same by echo'ing each of the queries. The changes you recommended produce the same results.

The problem stems from the OP not using mysql_real_escape_string() to clean all of the data before inserting it. However, there is a quick and painless way to accomplish what he wants. So before he writes a ton of messy code that sanitizes everything, it would be better to show the OP the easy way.

:D
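
The INSERT ... SELECT approach suggested in the thread, as an added example that is not code from any of the posters: the row is copied inside the database and the article id is bound as a parameter, so ' and " in the content never reach the query text. It assumes PDO with an in-memory SQLite database standing in for MySQL, a reduced column set, and a hypothetical helper name archiveAndDelete().

```php
<?php
// Added example, not code from the thread. Assumptions: PDO, an in-memory
// SQLite database standing in for MySQL, and a reduced column set.

// archiveAndDelete() is a hypothetical helper name. $memberId should come from
// the server-side session rather than a client-supplied cookie.
function archiveAndDelete(PDO $db, int $articleId, int $memberId): bool
{
    $db->beginTransaction();
    try {
        // INSERT ... SELECT copies the row inside the database, so title and
        // content are never concatenated into the query text.
        $copy = $db->prepare(
            'INSERT INTO vg_articles_deleted (deletedby, articleid, title, content, authorid)
             SELECT :member, id, title, content, authorid
             FROM vg_articles
             WHERE id = :id AND authorid = :author'
        );
        $copy->execute([':member' => $memberId, ':id' => $articleId, ':author' => $memberId]);
        if ($copy->rowCount() !== 1) {
            $db->rollBack(); // no such article, or the caller is not its author
            return false;
        }
        // The id is bound as a parameter instead of appended from $_GET['delete'].
        $delete = $db->prepare('DELETE FROM vg_articles WHERE id = :id');
        $delete->execute([':id' => $articleId]);
        $db->commit();
        return true;
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        throw $e;
    }
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE vg_articles (id INTEGER PRIMARY KEY, title TEXT, content TEXT, authorid INTEGER)');
$db->exec('CREATE TABLE vg_articles_deleted (deletedby INTEGER, articleid INTEGER, title TEXT, content TEXT, authorid INTEGER)');

// Constructed sample row whose text contains both ' and ".
$seed = $db->prepare('INSERT INTO vg_articles (id, title, content, authorid) VALUES (?, ?, ?, ?)');
$seed->execute([1, "Anonymous's quote", '"The sky is blue," said anonymous.', 7]);

var_dump(archiveAndDelete($db, 1, 8)); // member 8 is not the author
var_dump(archiveAndDelete($db, 1, 7)); // member 7 is the author
echo $db->query('SELECT content FROM vg_articles_deleted')->fetchColumn(), PHP_EOL;
```

Wrapping the copy and the delete in one transaction means a failed copy never leaves the article deleted without an archived row.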
