tinker Posted January 19, 2008 Share Posted January 19, 2008 This issue is a mix of mysql, regex and php, so i've put here, ok! What i've got is a form which takes a string (either an ip or agent) and stores it a mysql table. The data is ultimately used by mysql LIKE or REGEXP, however (as you'll see) it's sort of backwards. The problem is that I need to escape errogenous data so it doesn't interfere with the REGEXP, therefore i'm running it through preg_replace before storage. When I dump this to page it looks as it should, but when in / pulled from db it's not escaped. I've tried double escaping it to no avail, however if I manually escape it in the original form then this works ok? $tn = $db_table_prefix."log_ban"; // (id, ban_item) $ban_item = "Mozilla/5.0 (X11; U; Linux"; // demo example $pattern = array('/(\()/i', '/(\))/i', '/(\-)/i', '/(\/)/'); $replacement = array('\\(', '\\)', '\\-', '\\/'); $ban_item = preg_replace($pattern, $replacement, $ban_item);//."<br>"; print $ban_item."<br>\n"; //$ban_item = substr($ban_item, 0, 255); $s = "INSERT INTO ".$tn." VALUES ('', '".$ban_item."') ON DUPLICATE KEY UPDATE ban_item = '".$ban_item."'"; $ret = db_do_mysql_query_d($s); Link to comment https://forums.phpfreaks.com/topic/86763-solved-im-escaping/ Share on other sites More sharing options...
tinker Posted January 19, 2008 Author Share Posted January 19, 2008 I could swear I tried this last night... $replacement = array('\\\\\(', '\\\\\)', '\\\\\-', '\\\\\/'); Link to comment https://forums.phpfreaks.com/topic/86763-solved-im-escaping/#findComment-443446 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.