Jump to content

[SOLVED] I'm escaping!


tinker

Recommended Posts

This issue is a mix of mysql, regex and php, so i've put here, ok!

 

What i've got is a form which takes a string (either an ip or agent) and stores it a mysql table. The data is ultimately used by mysql LIKE or REGEXP, however (as you'll see) it's sort of backwards. The problem is that I need to escape errogenous data so it doesn't interfere with the REGEXP, therefore i'm running it through preg_replace before storage. When I dump this to page it looks as it should, but when in / pulled from db it's not escaped. I've tried double escaping it to no avail, however if I manually escape it in the original form then this works ok?

$tn = $db_table_prefix."log_ban";	//	(id, ban_item)

$ban_item = "Mozilla/5.0 (X11; U; Linux"; // demo example

$pattern = array('/(\()/i', '/(\))/i', '/(\-)/i', '/(\/)/');
$replacement = array('\\(', '\\)', '\\-', '\\/');
$ban_item = preg_replace($pattern, $replacement, $ban_item);//."<br>";
print $ban_item."<br>\n";

//$ban_item = substr($ban_item, 0, 255);

$s = "INSERT INTO ".$tn." VALUES ('', '".$ban_item."') ON DUPLICATE KEY UPDATE ban_item = '".$ban_item."'";
$ret = db_do_mysql_query_d($s);

Link to comment
https://forums.phpfreaks.com/topic/86763-solved-im-escaping/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.