Jump to content

Archived

This topic is now archived and is closed to further replies.

ChambeRFienD

Needing MAJOR help with adding to a database..

Recommended Posts

Well, I'm having one HECK of a time trying to get my code to work... I'm trying to make it so people can add names to a database, some which will include apostrophes and quotation marks.. I've tried using addslashes, mysql_real_escape_string, and right now my code is a mess with a mixture of both, which is coming out with bad end results.. Currently I am using mysql_real_escape_string for everything going into an SQL query. The problem is, retrieving data from the database comes out with several slashes.. I've been trying to use stripslashes to remove them with no luck.

My question is, what is the best thing to do when trying to insert and remove text into a MySQL database without getting SQL errors?

If anyone would like to see the code, feel free and ask. it's about 3041 lines, but searching for mysql_real_escape_string and stripslashes will show you all of my attempts. =P

Share this post


Link to post
Share on other sites
if you have [i]magic_quotes_gpc[/i] set to ON, it is by default, you do not need to use addslashes(). You may be double escaping.

Share this post


Link to post
Share on other sites
Okay... Using this:
[code]            $search = $_POST['search'];


            echo $search; //Comes out as test\'d when entering test'd


            echo "<h3>Searching owned alts for '$search'</h3>";

            echo "<table cellspacing='0' class='alttable' width='100%'>";

            $get_alts = mysql_query("SELECT * FROM alts_trade WHERE trade_name LIKE '%$search%' ORDER BY trade_name ASC");

            $count = mysql_num_rows($get_alts);

            echo "<font size='-2'>There are $count result(s) that match your search!</font>";

            while($row_alts = mysql_fetch_array($get_alts)) {

                $alt_id = $row_alts['trade_id'];

                $alt_name = stripslashes($row_alts['trade_name']);

                $alt_status = $row_alts['trade_level'];

                $alt_owner = $row_alts['trade_owner'];

                if($altcolor == 0) {

                    $class = 'altcolor1';

                } else if($altcolor == 1) {

                    $class = 'altcolor2';

                }

                switch($alt_status) {

                    case 4:

                        $alt_level = "Not for Trade";

                    break;

                    case 5:

                        $alt_level = "On Hold";

                    break;

                    case 6:

                        $alt_level = "Open for Trade";

                    break;

                }

                $get_owner = mysql_query("SELECT * FROM phpbb_users WHERE user_id=$alt_owner");

                $row_owner = mysql_fetch_array($get_owner);

                $owner_name = $row_owner['username'];

                echo "<tr><td class='$class'><a href='?page=alt&amp;alt=$alt_id'>$alt_name</a> - $alt_level - Owned by: <a href='profile.php?mode=viewprofile&amp;u=$alt_owner'>$owner_name</a>&nbsp - &nbsp;";

                if($user_level > 0) {

                    echo "<a href='?page=edit_alts&amp;mode=admin&amp;alt=$alt_id'>Edit Me</a> | <a href='?page=edit_alts&amp;mode=admin&amp;f=delete&amp;alt=$alt_id'>Delete Me</a>";

                }

                echo "</td></tr>";

                

                if($altcolor == 0) {

                    $altcolor++;

                } else if($altcolor == 1) {

                    $altcolor--;

                }

            }

            echo "</table>";
[/code]

In my database, I have this: test\'d

BUT, it comes up with no results.. Echoing $search comes out with test\'d.. Even before I addslashes.

Share this post


Link to post
Share on other sites
[!--quoteo(post=368709:date=Apr 25 2006, 10:47 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 10:47 PM) [snapback]368709[/snapback][/div][div class=\'quotemain\'][!--quotec--]
Show your form for inserting data
[/quote]

[code]    <form action='?page=search' method='post'>

    Search:<br />

    <input type='text' name='search' class='input_box' /> <br />

    <input name='function' value='owned' checked='checked' type='radio' /> Owned Alts<br />

    <input name='function' value='wanted' type='radio' /> Wanted Alts<br />

    <input name='function' value='users' type='radio' /> Users<br />

    <br />

    <input type='submit' value='Search' />

    </form>[/code]

Share this post


Link to post
Share on other sites
$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash

Share this post


Link to post
Share on other sites
[!--quoteo(post=368716:date=Apr 25 2006, 11:14 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 11:14 PM) [snapback]368716[/snapback][/div][div class=\'quotemain\'][!--quotec--]
$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash
[/quote]

Hmm? Still kinda new to PHP. =P

Share this post


Link to post
Share on other sites
What do you me by [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]I have slashes all over my website right now.[/quote]

Ken

Share this post


Link to post
Share on other sites
[!--quoteo(post=368994:date=Apr 26 2006, 04:55 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 04:55 PM) [snapback]368994[/snapback][/div][div class=\'quotemain\'][!--quotec--]
What do you me by

Ken
[/quote]

Well, if I try using the search function above with an apostrophe in it, slashes show up there. Slashes are showing up in results from my MySQL queries..

All I want is a good way to make it so I can have data inserted into a database that may include apostrophies, quotations, and more, and not have slashes show up when pulling them from the database..

Share this post


Link to post
Share on other sites
When you insert data into the database use
[code]<?php mysql_real_escape_string(stripslashes($data)) ?>[/code]

Ken

Share this post


Link to post
Share on other sites
[!--quoteo(post=368999:date=Apr 26 2006, 05:14 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 05:14 PM) [snapback]368999[/snapback][/div][div class=\'quotemain\'][!--quotec--]
When you insert data into the database use
[code]<?php mysql_real_escape_string(stripslashes($data)) ?>[/code]

Ken
[/quote]

Thanks much! I'll give that a shot.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.