tinker Posted January 19, 2008 Share Posted January 19, 2008 This issue is a mix of mysql, regex and php, so i've put here, ok! What i've got is a form which takes a string (either an ip or agent) and stores it a mysql table. The data is ultimately used by mysql LIKE or REGEXP, however (as you'll see) it's sort of backwards. The problem is that I need to escape errogenous data so it doesn't interfere with the REGEXP, therefore i'm running it through preg_replace before storage. When I dump this to page it looks as it should, but when in / pulled from db it's not escaped. I've tried double escaping it to no avail, however if I manually escape it in the original form then this works ok? $tn = $db_table_prefix."log_ban"; // (id, ban_item) $ban_item = "Mozilla/5.0 (X11; U; Linux"; // demo example $pattern = array('/(\()/i', '/(\))/i', '/(\-)/i', '/(\/)/'); $replacement = array('\\(', '\\)', '\\-', '\\/'); $ban_item = preg_replace($pattern, $replacement, $ban_item);//."<br>"; print $ban_item."<br>\n"; //$ban_item = substr($ban_item, 0, 255); $s = "INSERT INTO ".$tn." VALUES ('', '".$ban_item."') ON DUPLICATE KEY UPDATE ban_item = '".$ban_item."'"; $ret = db_do_mysql_query_d($s); Quote Link to comment Share on other sites More sharing options...
tinker Posted January 19, 2008 Author Share Posted January 19, 2008 I could swear I tried this last night... $replacement = array('\\\\\(', '\\\\\)', '\\\\\-', '\\\\\/'); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.