[KLUG Members] php and quotation marks

bill bill at billtron.com
Tue Sep 27 09:52:59 EDT 2005


On Tue, 2005-09-27 at 09:04, Adam Tauno Williams wrote:
> > $update=$_GET['update'];
> > $catnum=$_GET['jeop_catnum'];
> > $category=$_GET['jeop_category'];
> > $ques2=$_GET['jeop_ques2'];
> > $ans2=$_GET['jeop_ans2'];
> > $ques4=$_GET['jeop_ques4'];
> > $ans4=$_GET['jeop_ans4'];
> > $ques8=$_GET['jeop_ques8'];
> > $ans8=$_GET['jeop_ans8'];
> > $ques16=$_GET['jeop_ques16'];
> > $ans16=$_GET['jeop_ans16'];
> > $ques32=$_GET['jeop_ques32'];
> > $ans32=$_GET['jeop_ans32'];
> > $ques64=$_GET['jeop_ques64'];
> > $ans64=$_GET['jeop_ans64'];
> > $ques128=$_GET['jeop_ques128'];
> > $ans128=$_GET['jeop_ans128'];
> > $ques256=$_GET['jeop_ques256'];
> > $ans256=$_GET['jeop_ans256'];
> 
> Dude, use an array! :)

You bet.


> Use addslashes when storing a string to a database.  The slashes
> themselves won't get stored, the RDBMS will discard them, and the string
> will be stored properly (assuming everything is configured correctly).
> 
> $query = sprintf('UPDATE single SET category="%s", ques2="%s", ans2="%s",
>   ques4="%s", ans4="%s", ques8="%s", ans8="%s", ques16="%s", ans16="%s",
>   ques32="%s", ans32="%s", ques64="%s", ans64="%s", ques128="%s",
>   ans128="%s", ques256="%s", ans256="%s"',
>   addslashes($category), addslashes($ques2), addslashes($ans2),
>   addslashes($ques4), addslashes($ans4), addslashes($ques8),
>   addslashes($ans8), addslashes($ques16), addslashes($ans16),
>   addslashes($ques32), addslashes($ans32), addslashes($ques64),
>   addslashes($ans64), addslashes($ques128), addslashes($ans128),
>   addslashes($ques256), addslashes($ans256));

Aaaagh.  That's painful to look at.  

Do all your addslashes first, and skip the whole sprintf stuff.

Put this at the top:

// walk every GET parameter and backslash its quotes in place
foreach ($_GET as $key => $val) {
	$_GET[$key] = addslashes($val);
} // end foreach

Then you can use the original code you have.

BTW, that's assuming that your problem with quotes was with putting them
in the DB and not with displaying them in HTML.

kind regards,

bill
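An added example, editor's code rather than anything posted in the thread, showing the shape this update takes once the per-field variables become an array and the values are bound as parameters instead of being escaped into the SQL text. The caveat worth stating: addslashes() backslashes only the single quote, double quote, backslash and NUL, with no knowledge of the connection's character set, which is why the PHP manual itself points SQL code at mysql_real_escape_string() or, better, at parameter binding; and with magic_quotes_gpc turned on (the default in PHP installs of that era), $_GET already arrives slashed, so an addslashes() loop over it doubles the escaping and stores literal backslashes. The example assumes PDO with the MySQL driver, assumes the `single` table has a `catnum` column identifying the row (the thread's query shows no WHERE clause), and uses a constructed sample request.

```php
<?php
// Added example, not code from the thread. It folds the per-field variables
// into an array (as Adam suggested) and binds the values with PDO instead of
// building the UPDATE string with addslashes(). Assumptions: PDO with the
// MySQL driver is available, and the `single` table has a `catnum` column
// that identifies the row to update (the thread shows no WHERE clause).
declare(strict_types=1);

// Column names exactly as the thread's query uses them: category, then
// ques/ans pairs for the point values 2, 4, 8, ... 256.
function jeopardyColumns(): array
{
    $cols = ['category'];
    for ($points = 2; $points <= 256; $points *= 2) {
        $cols[] = "ques$points";
        $cols[] = "ans$points";
    }
    return $cols;
}

// Pull the form fields out of a request array ($_GET in the thread). Nothing
// is escaped here: escaping is the database layer's job, and doing it at
// input time is what produced double-slashed data under magic_quotes_gpc.
function collectFields(array $request): array
{
    $fields = [];
    foreach (jeopardyColumns() as $col) {
        $fields[$col] = (string) ($request["jeop_$col"] ?? '');
    }
    return $fields;
}

// Build the UPDATE with one named placeholder per column. The SQL text
// contains only identifiers generated here; user data never enters it, so
// quotes, backslashes and multibyte sequences in the data cannot change the
// statement's meaning.
function buildUpdate(array $fields): string
{
    $set = [];
    foreach (array_keys($fields) as $col) {
        $set[] = "`$col` = :$col";
    }
    return 'UPDATE single SET ' . implode(', ', $set) . ' WHERE catnum = :catnum';
}

// Run it. With emulated prepares off, the MySQL driver sends the statement
// and the parameters separately, so no client-side escaping happens at all.
function updateCategory(PDO $db, int $catnum, array $fields): int
{
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $db->prepare(buildUpdate($fields));
    $stmt->execute($fields + ['catnum' => $catnum]);
    return $stmt->rowCount();
}

// The other half of Bill's closing remark: if the quotes were breaking the
// HTML rather than the SQL, the fix is output escaping, applied when the
// value is printed, not when it is stored.
function htmlValue(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample request (not data from the thread).
$sampleRequest = [
    'jeop_catnum'   => '3',
    'jeop_category' => 'Quotes & "Sayings"',
    'jeop_ques2'    => 'Who said "I think, therefore I am"?',
    'jeop_ans2'     => "What is Descartes' cogito?",
];

$fields = collectFields($sampleRequest);
echo buildUpdate($fields), "\n";
echo '<input value="' . htmlValue($fields['ans2']) . '">', "\n";

// To actually run the update, supply a connection, for example:
// $db = new PDO('mysql:host=localhost;dbname=jeopardy;charset=utf8mb4', $user, $pass);
// updateCategory($db, (int) $sampleRequest['jeop_catnum'], $fields);
```

Columns missing from the request are stored as empty strings rather than left out of the SET list, so the placeholder count always matches the bound values; if partial updates are wanted, filter `$fields` before calling buildUpdate() so the SQL and the parameter array are built from the same array.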
