[TriLUG] PHP strange code question
David Rasch
rasch at raschnet.com
Fri Jan 7 17:08:35 EST 2005
For mysql, you can use "mysql_escape_string". You might try this
resource which claims to have the equivalent for mssql:
http://www.phpfreaks.com/quickcode/code/326.php
On Fri, Jan 07, 2005 at 04:10:04PM -0500, David McDowell <turnpike420 at gmail.com> wrote:
> FC3, Apache 2.x, PHP 4.3.9, and ya, MSSQL2000 is the db
>
> $Event = "\"".$_POST['event']."\"";
>
> $calquerya = "Insert Into Calendar (CalDate, CalEvent, OwnEvent,
> TextB, TextI, TextU, Personal) Values
> ('$PDate',$Event,'$AUser','$TB','$TI','$TU','$P')";
>
> Note in the above SQL statement the lack of single quotes around $Event.
>
> The Event field comes POSTed from an HTML form with this TEXTAREA code:
>
> <TEXTAREA name="event" rows="2" cols="30">
> <?
> if ($_POST['event']){
> echo stripslashes($_POST['event']);
> } else {
> echo stripslashes($calrow1['CalEvent']);} ?>
> </TEXTAREA>
>
> Here is the reason for my question. Since Event is a TEXTAREA that
> could contain contractions or ownership denoted by a single tick
> (apostrophe, etc. such as: it's or David's) to POST the form to
> itself, interact with the database (MSSQL) and reprocess with PHP,
> $Event must be set the way you see above with the "\"" stuff, I
> presume physically putting in the double quote into the string for the
> SQL statement. Am I missing some facts or is this something we may
> have to do on a regular basis? This is the same PHP page form processing
> and interaction with database intermingled. Something about this just
> doesn't feel right (and no "duh, MSSQL" comments please... I can't
> change that.)
>
> This does not seem to work or meet our needs (escaping the apostrophe):
> $Event = addslashes($_POST['event']);
>
> I hope I have given enough information for parsing. Anything you see
> you can throw my way would be much appreciated.
>
> Thanks,
> David
>
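An added example, not code from the thread: it shows why `addslashes()` does not help with a database that escapes an apostrophe by doubling it, and the bound-parameter form that avoids quoting altogether. In-memory SQLite stands in for MSSQL as an assumption (both double the quote and treat a backslash as an ordinary character); `sql_quote_literal()` and `demo()` are hypothetical names, the `Calendar` table is cut down to two columns, and the event text is constructed.

```php
<?php
// Added example. SQLite (in-memory) is a stand-in for MSSQL: both escape '
// inside a string literal as '' and give backslash no special meaning.

// Hypothetical helper: build a string literal by doubling embedded quotes.
function sql_quote_literal(string $value): string
{
    return "'" . str_replace("'", "''", $value) . "'";
}

function demo(): array
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Calendar (CalDate TEXT, CalEvent TEXT)');

    $event = "David's party, it's at 5";   // constructed sample form input
    $results = [];

    // 1. addslashes() yields David\'s ...; the backslash is not an escape
    //    here, so the literal still ends at the first apostrophe.
    try {
        $db->exec("INSERT INTO Calendar VALUES ('2005-01-07', '"
            . addslashes($event) . "')");
        $results['addslashes'] = 'ok';
    } catch (PDOException $e) {
        $results['addslashes'] = 'syntax error';
    }

    // 2. Doubling the apostrophe produces a valid literal.
    $db->exec("INSERT INTO Calendar VALUES ('2005-01-07', "
        . sql_quote_literal($event) . ")");
    $results['doubled'] = 'ok';

    // 3. Bound parameters: the value never becomes part of the SQL text,
    //    so no quoting rule has to be applied by hand.
    $stmt = $db->prepare('INSERT INTO Calendar (CalDate, CalEvent) VALUES (?, ?)');
    $stmt->execute(['2005-01-08', $event]);

    // Both stored rows hold the original text, apostrophes intact.
    $results['rows'] = $db->query('SELECT CalEvent FROM Calendar')
        ->fetchAll(PDO::FETCH_COLUMN);
    return $results;
}

print_r(demo());
```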