Jump to content


Photo

Needing MAJOR help with adding to a database..


  • Please log in to reply
11 replies to this topic

#1 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 01:26 AM

Well, I'm having one HECK of a time trying to get my code to work... I'm trying to make it so people can add names to a database, some which will include apostrophes and quotation marks.. I've tried using addslashes, mysql_real_escape_string, and right now my code is a mess with a mixture of both, which is coming out with bad end results.. Currently I am using mysql_real_escape_string for everything going into an SQL query. The problem is, retrieving data from the database comes out with several slashes.. I've been trying to use stripslashes to remove them with no luck.

My question is, what is the best thing to do when trying to insert and remove text into a MySQL database without getting SQL errors?

If anyone would like to see the code, feel free and ask. it's about 3041 lines, but searching for mysql_real_escape_string and stripslashes will show you all of my attempts. =P

#2 bbaker

bbaker
  • Members
  • PipPipPip
  • Advanced Member
  • 127 posts
  • LocationNY

Posted 26 April 2006 - 02:06 AM

if you have magic_quotes_gpc set to ON, it is by default, you do not need to use addslashes(). You may be double escaping.

#3 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 02:38 AM

Okay... Using this:
            $search = $_POST['search'];


            echo $search; //Comes out as test\'d when entering test'd


            echo "<h3>Searching owned alts for '$search'</h3>";

            echo "<table cellspacing='0' class='alttable' width='100%'>";

            $get_alts = mysql_query("SELECT * FROM alts_trade WHERE trade_name LIKE '%$search%' ORDER BY trade_name ASC");

            $count = mysql_num_rows($get_alts);

            echo "<font size='-2'>There are $count result(s) that match your search!</font>";

            while($row_alts = mysql_fetch_array($get_alts)) {

                $alt_id = $row_alts['trade_id'];

                $alt_name = stripslashes($row_alts['trade_name']);

                $alt_status = $row_alts['trade_level'];

                $alt_owner = $row_alts['trade_owner'];

                if($altcolor == 0) {

                    $class = 'altcolor1';

                } else if($altcolor == 1) {

                    $class = 'altcolor2';

                }

                switch($alt_status) {

                    case 4:

                        $alt_level = "Not for Trade";

                    break;

                    case 5:

                        $alt_level = "On Hold";

                    break;

                    case 6:

                        $alt_level = "Open for Trade";

                    break;

                }

                $get_owner = mysql_query("SELECT * FROM phpbb_users WHERE user_id=$alt_owner");

                $row_owner = mysql_fetch_array($get_owner);

                $owner_name = $row_owner['username'];

                echo "<tr><td class='$class'><a href='?page=alt&amp;alt=$alt_id'>$alt_name</a> - $alt_level - Owned by: <a href='profile.php?mode=viewprofile&amp;u=$alt_owner'>$owner_name</a>&nbsp - &nbsp;";

                if($user_level > 0) {

                    echo "<a href='?page=edit_alts&amp;mode=admin&amp;alt=$alt_id'>Edit Me</a> | <a href='?page=edit_alts&amp;mode=admin&amp;f=delete&amp;alt=$alt_id'>Delete Me</a>";

                }

                echo "</td></tr>";

                

                if($altcolor == 0) {

                    $altcolor++;

                } else if($altcolor == 1) {

                    $altcolor--;

                }

            }

            echo "</table>";

In my database, I have this: test\'d

BUT, it comes up with no results.. Echoing $search comes out with test\'d.. Even before I addslashes.

#4 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 26 April 2006 - 02:47 AM


Show your form for inserting data
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#5 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 03:01 AM

[!--quoteo(post=368709:date=Apr 25 2006, 10:47 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 10:47 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Show your form for inserting data
[/quote]

    <form action='?page=search' method='post'>

    Search:<br />

    <input type='text' name='search' class='input_box' /> <br />

    <input name='function' value='owned' checked='checked' type='radio' /> Owned Alts<br />

    <input name='function' value='wanted' type='radio' /> Wanted Alts<br />

    <input name='function' value='users' type='radio' /> Users<br />

    <br />

    <input type='submit' value='Search' />

    </form>


#6 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 26 April 2006 - 03:14 AM

$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#7 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 03:17 AM

[!--quoteo(post=368716:date=Apr 25 2006, 11:14 PM:name=redarrow)--][div class=\'quotetop\']QUOTE(redarrow @ Apr 25 2006, 11:14 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
$alt_id = $row_alts['trade_id'\];

$alt_name = stripslashes($row_alts['trade_name']);

$alt_status = $row_alts['trade_level'\];

$alt_owner = $row_alts['trade_owner'\];

what about back slash
[/quote]

Hmm? Still kinda new to PHP. =P

#8 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 08:49 PM

Anyone else able to help me with this? I have slashes all over my website right now. =P

#9 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 26 April 2006 - 08:55 PM

What do you me by [!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]I have slashes all over my website right now.[/quote]

Ken

#10 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 08:57 PM

[!--quoteo(post=368994:date=Apr 26 2006, 04:55 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 04:55 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
What do you me by

Ken
[/quote]

Well, if I try using the search function above with an apostrophe in it, slashes show up there. Slashes are showing up in results from my MySQL queries..

All I want is a good way to make it so I can have data inserted into a database that may include apostrophies, quotations, and more, and not have slashes show up when pulling them from the database..

#11 kenrbnsn

kenrbnsn
  • Staff Alumni
  • Advanced Member
  • 8,235 posts
  • LocationHillsborough, NJ, USA

Posted 26 April 2006 - 09:14 PM

When you insert data into the database use
<?php mysql_real_escape_string(stripslashes($data)) ?>

Ken

#12 ChambeRFienD

ChambeRFienD
  • Members
  • PipPip
  • Member
  • 25 posts

Posted 26 April 2006 - 09:18 PM

[!--quoteo(post=368999:date=Apr 26 2006, 05:14 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Apr 26 2006, 05:14 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
When you insert data into the database use
<?php mysql_real_escape_string(stripslashes($data)) ?>

Ken
[/quote]

Thanks much! I'll give that a shot.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users