Subject Re: [firebird-php] SQL script
Author Dorin Pacurar
Tried both solutions (Daniela and Milan). Same result. Even if the string
looks right when sent to the browser, the "Token unknown" error is raised.

In php.ini also I have
magic_quotes_gpc = On
magic_quotes_runtime = Off

Is this correct ?
-------Original Message-------

From: firebird-php@yahoogroups.com
Date: Thursday, November 20, 2003 14:10:13 PM
To: firebird-php@yahoogroups.com
Subject: Re: [firebird-php] SQL script

Dorin Pacurar wrote:
> In a form, in a TEXTAREA I wrote
>
> SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH 'O''TOOL'
>
> The line in my script is:
>
> $result=ibase_query($conn, addslashes($_POST["Textarea_content"]));
>
> The result :
>
> Warning: ibase_query(): Dynamic SQL Error SQL error code = -104 Token
> unknown - line 1, char 58 O in c:\apache\htdocs\action.php on line 14
>
> in php.ini I've set magic_quotes_sybase = on

I hate magic_quotes, and that is a good example why. Your SELECT is turned
into:

SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH ''O''''TOOL''

and sent to the database... of course, it won't work.

Addslashes only makes it worse, turning it into:
SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH \'\'O\'\'\'\'TOOL\'\'

Nice, isn't it. ;)

My suggestion is not to use addslashes at all. If you want to keep
magic_quotes on, then do something like this:

$query = str_replace("''", "'", $_POST["Textarea_content"]);
$result=ibase_query($conn, $query);

You can always output $query to the browser to see what's really sent to
the database.

--
Milan Babuskov
http://fbexport.sourceforge.net
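Added example, not part of the thread or of anyone's posted code: which undo step matches which php.ini combination, so the statement reaches Firebird exactly as it was typed. The function name `undo_magic_quotes` and its two flag parameters are hypothetical, and the escaped inputs are constructed here to mimic what PHP would deliver.

```php
<?php
// Added example. The flags are passed in explicitly so this runs on any PHP
// version; on a legacy install they would come from get_magic_quotes_gpc()
// and ini_get('magic_quotes_sybase').
function undo_magic_quotes($value, $gpcOn, $sybaseOn)
{
    if (!$gpcOn) {
        // magic_quotes_sybase only selects the escaping style; with
        // magic_quotes_gpc off, request data arrives unmodified.
        return $value;
    }
    if ($sybaseOn) {
        // Sybase style: every ' was doubled to ''. Backslashes untouched.
        return str_replace("''", "'", $value);
    }
    // Default style: ', ", \ and NUL were each prefixed with a backslash.
    return stripslashes($value);
}

// The statement as typed into the TEXTAREA (from the thread).
$typed = "SELECT CLIENT FROM PERSOANE WHERE NUME STARTING WITH 'O''TOOL'";

// Constructed inputs: what $_POST would contain under each setting.
$cases = array(
    'gpc=Off'            => array($typed, false, false),
    'gpc=On, sybase=Off' => array(addslashes($typed), true, false),
    'gpc=On, sybase=On'  => array(str_replace("'", "''", $typed), true, true),
);

foreach ($cases as $label => $case) {
    list($received, $gpcOn, $sybaseOn) = $case;
    $restored = undo_magic_quotes($received, $gpcOn, $sybaseOn);
    echo $label, "\n  received: ", $received, "\n  restored: ", $restored, "\n";
    echo '  matches typed text: ', ($restored === $typed ? 'yes' : 'NO'), "\n";
}

// Applying the wrong undo step leaves the statement damaged: here the
// doubled quote inside the literal collapses and the string ends early.
$wrong = undo_magic_quotes($typed, true, true);
echo "wrong undo on unescaped input:\n  ", $wrong, "\n";
```

Printing the received and restored strings side by side shows whether the undo step in use matches the escaping style that is actually active.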


