[KLUG Members] php and quotation marks
bill
bill at billtron.com
Tue Sep 27 09:52:59 EDT 2005
On Tue, 2005-09-27 at 09:04, Adam Tauno Williams wrote:
> > $update=$_GET['update'];
> > $catnum=$_GET['jeop_catnum'];
> > $category=$_GET['jeop_category'];
> > $ques2=$_GET['jeop_ques2'];
> > $ans2=$_GET['jeop_ans2'];
> > $ques4=$_GET['jeop_ques4'];
> > $ans4=$_GET['jeop_ans4'];
> > $ques8=$_GET['jeop_ques8'];
> > $ans8=$_GET['jeop_ans8'];
> > $ques16=$_GET['jeop_ques16'];
> > $ans16=$_GET['jeop_ans16'];
> > $ques32=$_GET['jeop_ques32'];
> > $ans32=$_GET['jeop_ans32'];
> > $ques64=$_GET['jeop_ques64'];
> > $ans64=$_GET['jeop_ans64'];
> > $ques128=$_GET['jeop_ques128'];
> > $ans128=$_GET['jeop_ans128'];
> > $ques256=$_GET['jeop_ques256'];
> > $ans256=$_GET['jeop_ans256'];
>
> Dude, use an array! :)
You bet.
> Use addslashes when storing a string to a database. The slashes
> themselves won't get stored, the RDBMS will discard them, and the string
> will be stored properly (assuming everything is configured correctly).
>
> $query = sprintf('UPDATE single SET category="%s", ques2="%s", ans2="%s",
>   ques4="%s", ans4="%s", ques8="%s", ans8="%s", ques16="%s", ans16="%s",
>   ques32="%s", ans32="%s", ques64="%s", ans64="%s", ques128="%s",
>   ans128="%s", ques256="%s", ans256="%s"',
>   addslashes($category), addslashes($ques2), addslashes($ans2),
>   addslashes($ques4), addslashes($ans4), addslashes($ques8),
>   addslashes($ans8), addslashes($ques16), addslashes($ans16),
>   addslashes($ques32), addslashes($ans32), addslashes($ques64),
>   addslashes($ans64), addslashes($ques128), addslashes($ans128),
>   addslashes($ques256), addslashes($ans256));
Aaaagh. That's painful to look at.
Do all your add slashes first, and skip the whole sprintf stuff.
Put this at the top:
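// Escape every request value in place (each() no longer exists in PHP 8,
// so the walk over $_GET is written with foreach).
foreach ($_GET as $key => $val) {
    $_GET[$key] = addslashes($val);
}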
Then you can use the original code you have.
BTW, that's assuming that your problem with quotes was with putting them
in the DB and not with displaying them in HTML.
kind regards,
bill
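
An added example, not part of the original message: the same update with the field list held in an array and the values bound through a PDO prepared statement, so quotes in the input reach the database intact without any addslashes() call. It assumes PDO with an in-memory SQLite table named `single` keyed by a `catnum` column; the key column, the `updateCategory()` helper and the sample request values are constructed for illustration.

```php
<?php
// Added example (not from the original thread). Assumed: PDO with the SQLite
// driver and a `catnum` key column; the sample request values are constructed.
$levels = [2, 4, 8, 16, 32, 64, 128, 256];

// Fixed allow-list: column name => request parameter name.
$fields = ['category' => 'jeop_category'];
foreach ($levels as $n) {
    $fields["ques$n"] = "jeop_ques$n";
    $fields["ans$n"]  = "jeop_ans$n";
}

function updateCategory(PDO $pdo, array $fields, array $input): int
{
    $set = [];
    $params = [':catnum' => (int) ($input['jeop_catnum'] ?? 0)];
    foreach ($fields as $column => $param) {
        // Column names come from the allow-list only; values are always bound.
        $set[] = "$column = :$column";
        $value = $input[$param] ?? '';
        $params[":$column"] = is_string($value) ? $value : '';
    }
    $sql = 'UPDATE single SET ' . implode(', ', $set) . ' WHERE catnum = :catnum';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$columns = implode(', ', array_map(fn($c) => "$c TEXT", array_keys($fields)));
$pdo->exec("CREATE TABLE single (catnum INTEGER PRIMARY KEY, $columns)");
$pdo->exec('INSERT INTO single (catnum) VALUES (1)');

// Constructed stand-in for $_GET, with both quote characters in the data.
$request = [
    'jeop_catnum'   => '1',
    'jeop_category' => 'Rock "n" Roll',
    'jeop_ques2'    => "Who sang 'Hound Dog'?",
    'jeop_ans2'     => 'Elvis Presley',
];

$changed = updateCategory($pdo, $fields, $request);
$row = $pdo->query('SELECT category, ques2 FROM single WHERE catnum = 1')
           ->fetch(PDO::FETCH_ASSOC);
printf("%d row updated\n%s\n%s\n", $changed, $row['category'], $row['ques2']);
```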