Subject Re: [firebird-php] SQL script
Author Milan Babuskov
Dorin Pacurar wrote:
> In a form, in a TEXTAREA I wrote
>
> SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH 'O''TOOL'
>
> The line in my script is:
>
> $result=ibase_query($conn, addslashes($_POST["Textarea_content"]));
>
> The result :
>
> Warning: ibase_query(): Dynamic SQL Error SQL error code = -104 Token
> unknown - line 1, char 58 O in c:\apache\htdocs\action.php on line 14
>
> in php.ini I've set magic_quotes_sybase = on

I hate magic_quotes, and that is a good example why. Your SELECT is turned
into:

SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH ''O''''TOOL''

and sent to the database... of course, it won't work.

Addslashes only makes it worse, turning it into:
SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH \'\'O\'\'\'\'TOOL\'\'

Nice, isn't it. ;)

My suggestion is not to use addslashes at all. If you want to keep
magic_quotes on, then do something like this:

$query = str_replace("''", "'", $_POST["Textarea_content"]);
$result=ibase_query($conn, $query);

You can always output $query to the browser to see what's really sent to
the database.

--
Milan Babuskov
http://fbexport.sourceforge.net
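The quoting chain the reply describes, as an added example that is not part of the original thread: it simulates what `magic_quotes_sybase = On` did to a posted value (doubling each single quote), what `addslashes()` then adds on top, and how the suggested `str_replace()` undo restores the text that was typed. Because the script in the thread executes whatever SQL arrives in the TEXTAREA, the example also shows the alternative for the usual case where only a value (the name prefix) comes from the user: bind it with `ibase_query()` placeholders so no quote handling is needed at all. Table and column names are the thread's; the `$conn` handle and the helper names `simulate_magic_quotes_sybase`, `undo_magic_quotes_sybase` and `find_clients` are assumptions for this example.

```php
<?php
// Added example, not code from the original thread.

// What magic_quotes_sybase=On did to every incoming $_POST value:
// each single quote is doubled (no backslashes, unlike magic_quotes_gpc).
// The setting was removed in PHP 5.4, so it is simulated here.
function simulate_magic_quotes_sybase(string $s): string {
    return str_replace("'", "''", $s);
}

// Undo of the Sybase-style doubling, as suggested in the reply above.
// Halving pairs is exact: N typed quotes become 2N and come back as N.
function undo_magic_quotes_sybase(string $s): string {
    return str_replace("''", "'", $s);
}

// Constructed input: exactly what was typed into the TEXTAREA.
$typed = "SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH 'O''TOOL'";

$posted   = simulate_magic_quotes_sybase($typed);  // what $_POST held
$slashed  = addslashes($posted);                   // what the script sent
$restored = undo_magic_quotes_sybase($posted);     // what the fix sends

echo "typed:    $typed\n";
echo "posted:   $posted\n";    // ... STARTING WITH ''O''''TOOL''
echo "slashed:  $slashed\n";   // ... STARTING WITH \'\'O\'\'\'\'TOOL\'\'
echo "restored: $restored\n";  // identical to $typed
assert($restored === $typed);

// Safer pattern when the user supplies a search value rather than a whole
// statement: ibase_query() binds the value to the ? placeholder, so the
// typed text can never change the shape of the SQL and needs no escaping.
// $conn is assumed to be an open ibase_connect() handle.
function find_clients($conn, string $name_prefix): array {
    $rows = [];
    $res = ibase_query(
        $conn,
        "SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH ?",
        $name_prefix
    );
    while ($row = ibase_fetch_assoc($res)) {
        $rows[] = $row['CLIENT'];
    }
    ibase_free_result($res);
    return $rows;
}

// Usage (needs a Firebird connection, e.g. $conn = ibase_connect(...)):
// print_r(find_clients($conn, "O'TOOL"));
```

The `str_replace` undo is only correct while `magic_quotes_sybase` is actually on; with plain `magic_quotes_gpc` the input carries backslashes instead and `stripslashes()` would be the matching undo. The bound-parameter form sidesteps the question entirely, which is why it is the form to prefer wherever the user is meant to supply a value and not a statement.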