Needing MAJOR help with adding to a database..

[ChambeRFienD]

Well, I'm having one HECK of a time trying to get my code to work... I'm trying to make it so people can add names to a database, some which will include apostrophes and quotation marks.. I've tried using addslashes, mysql_real_escape_string, and right now my code is a mess with a mixture of both, which is coming out with bad end results.. Currently I am using mysql_real_escape_string for everything going into an SQL query. The problem is, retrieving data from the database comes out with several slashes.. I've been trying to use stripslashes to remove them with no luck.

My question is, what is the best thing to do when trying to insert and remove text into a MySQL database without getting SQL errors?

If anyone would like to see the code, feel free and ask. it's about 3041 lines, but searching for mysql_real_escape_string and stripslashes will show you all of my attempts. =P

[bbaker]

if you have [i]magic_quotes_gpc[/i] set to ON, it is by default, you do not need to use addslashes(). You may be double escaping.

[ChambeRFienD]

Okay... Using this:
[code]            $search = $_POST['search'];


            echo $search; //Comes out as test\'d when entering test'd


            echo "<h3>Searching owned alts for '$search'</h3>";

            echo "<table cellspacing='0' class='alttable' width='100%'>";

            $get_alts = mysql_query("SELECT * FROM alts_trade WHERE trade_name LIKE '%$search%' ORDER BY trade_name ASC");

            $count = mysql_num_rows($get_alts);

            echo "<font size='-2'>There are $count result(s) that match your search!</font>";

            while($row_alts = mysql_fetch_array($get_alts)) {

                $alt_id = $row_alts['trade_id'];

                $alt_name = stripslashes($row_alts['trade_name']);

                $alt_status = $row_alts['trade_level'];

                $alt_owner = $row_alts['trade_owner'];

                if($altcolor == 0) {

                    $class = 'altcolor1';

                } else if($altcolor == 1) {

                    $class = 'altcolor2';

                }

                switch($alt_status) {

                    case 4:

                        $alt_level = "Not for Trade";

                    break;

                    case 5:

                        $alt_level = "On Hold";

                    break;

                    case 6:

                        $alt_level = "Open for Trade";

                    break;

                }

                $get_owner = mysql_query("SELECT * FROM phpbb_users WHERE user_id=$alt_owner");

                $row_owner = mysql_fetch_array($get_owner);

                $owner_name = $row_owner['username'];

                echo "<tr><td class='$class'><a href='?page=alt&amp;alt=$alt_id'>$alt_name</a> - $alt_level - Owned by: <a href='profile.php?mode=viewprofile&amp;u=$alt_owner'>$owner_name</a>&nbsp - &nbsp;";

                if($user_level > 0) {

                    echo "<a href='?page=edit_alts&amp;mode=admin&amp;alt=$alt_id'>Edit Me</a> | <a href='?page=edit_alts&amp;mode=admin&amp;f=delete&amp;alt=$alt_id'>Delete Me</a>";

                }

                echo "</td></tr>";

                

                if($altcolor == 0) {

                    $altcolor++;

                } else if($altcolor == 1) {

                    $altcolor--;

                }

            }

            echo "</table>";
[/code]

In my database, I have this: test\'d

BUT, it comes up with no results.. Echoing $search comes out with test\'d.. Even before I addslashes.

[redarrow]

Show your form for inserting data

[ChambeRFienD]

[!--quoteo(post=368709:date=Apr 25 2006, 10:47 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 10:47 PM) [snapback]368709[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Show your form for inserting data
[/quote]

[code]    <form action='?page=search' method='post'>

    Search:<br />

    <input type='text' name='search' class='input_box' /> <br />

    <input name='function' value='owned' checked='checked' type='radio' /> Owned Alts<br />

    <input name='function' value='wanted' type='radio' /> Wanted Alts<br />

    <input name='function' value='users' type='radio' /> Users<br />

    <br />

    <input type='submit' value='Search' />

    </form>[/code]

[redarrow]

$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash

[ChambeRFienD]

[!--quoteo(post=368716:date=Apr 25 2006, 11:14 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 11:14 PM) [snapback]368716[/snapback][/div][div class=\'quotemain\'][!--quotec--]
$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash
[/quote]

Hmm? Still kinda new to PHP. =P

[ChambeRFienD]

Anyone else able to help me with this? I have slashes all over my website right now. =P

[kenrbnsn]

What do you me by [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]I have slashes all over my website right now.[/quote]

Ken

[ChambeRFienD]

[!--quoteo(post=368994:date=Apr 26 2006, 04:55 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 04:55 PM) [snapback]368994[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What do you me by

Ken
[/quote]

Well, if I try using the search function above with an apostrophe in it, slashes show up there. Slashes are showing up in results from my MySQL queries..

All I want is a good way to make it so I can have data inserted into a database that may include apostrophies, quotations, and more, and not have slashes show up when pulling them from the database..

[kenrbnsn]

When you insert data into the database use
[code]<?php mysql_real_escape_string(stripslashes($data)) ?>[/code]

Ken

[ChambeRFienD]

[!--quoteo(post=368999:date=Apr 26 2006, 05:14 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 05:14 PM) [snapback]368999[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When you insert data into the database use
[code]<?php mysql_real_escape_string(stripslashes($data)) ?>[/code]

Ken
[/quote]

Thanks much! I'll give that a shot.