lindm Posted December 30, 2007 Share Posted December 30, 2007 Have searched around and this seems to be a common area for help, still need your help though... In my php script I have a variable which contains html code and parts that are slashed, example: $var = 'onmouseover="popup(\'Test\')" '; Now I want to insert $var into a mysql database and get a syntax error which I guess is because of the backslashes. How do I come around this? Magic quotes is enabled if this helps. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/ Share on other sites More sharing options...
lindm Posted December 30, 2007 Author Share Posted December 30, 2007 Is this perhaps the best solution? $var2=mysql_real_escape_string(stripslashes($var), $con); Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/#findComment-426057 Share on other sites More sharing options...
drranch Posted December 30, 2007 Share Posted December 30, 2007 What does the syntax error message say? Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/#findComment-426058 Share on other sites More sharing options...
lindm Posted December 30, 2007 Author Share Posted December 30, 2007 The original error is: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'xxx ' at line 1 This however seems to work. $var2=mysql_real_escape_string(stripslashes($var), $con); Any ideas why I shouldn't use this? perhaps an other solution? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/#findComment-426062 Share on other sites More sharing options...
drranch Posted December 30, 2007 Share Posted December 30, 2007 The backslash is an escape charater in MYSQL and that was the reason for the error. Using the new one you built is fine since using mysql escape string is escaping the backslash escape character. You could have used two back slashes on the orginal script, since they would have represented a single backslash and not recognized by MYSQL or PHP as an escape character of a single back slash. Using mysql_real_escape_String() around each variable prevents SQL injections from occuring by prepending backslashes to the following characters \x00, \n, \r, \, '," and \x1a This function should always be used with few exceptions to make data safe before sending a query to MYSQL Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/#findComment-426073 Share on other sites More sharing options...
lindm Posted December 30, 2007 Author Share Posted December 30, 2007 Then I learned something new today too Many thanks! Quote Link to comment https://forums.phpfreaks.com/topic/83737-solved-slash-in-string-and-insert-problem/#findComment-426082 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.