addslashes isnt working

Discussion in 'PHP' started by c4cyber, Feb 9, 2010.

0
  1. #1
    hi guys! can anyone help?

    i'mdoing this...
    $var="what's your name";
    $var=addslashes($var);

    echo $var; //what\'s your name

    bt when i insert $var in mysql...
    it stored at .....what's your name...instead of what\'s your name...

    using wamp, magic_quote are disabled...

    mysql_real_escape_string() isnt working as well...
    any solution?
     
    c4cyber, Feb 9, 2010 IP
  2. bartolay13

    bartolay13 Active Member

    Messages:
    735
    Likes Received:
    14
    Best Answers:
    1
    Trophy Points:
    98
    #2
    make sure after you reconfigure the apache restart wamp server..
     
    bartolay13, Feb 9, 2010 IP
  3. c4cyber

    c4cyber Well-Known Member

    Messages:
    1,040
    Likes Received:
    27
    Best Answers:
    1
    Trophy Points:
    150
    #3
    apache? what it has to do with php functions?
    its working for webpage...bt slash isnt being saved in db
     
    c4cyber, Feb 9, 2010 IP
  4. thorie

    thorie Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Depends on your query. For example, if you are doing the query with a string such as

    $sql = "INSERT INTO my_table VALUES(\"What\'s Your Name\")";

    Then the \' becomes a regular quote without the backslash. So you would need:

    $sql = "INSERT INTO my_table VALUES(\"What\\\'s Your Name\")";

    Two backslashes to make one backslash appear. And one backslash-quote to make the quote appear.

    If you're confused at this point, just echo out the string before you run the query and see what it looks like. If it doesn't have a backslash quote in the string output before you run the query, then of course it won't have the backslash quote in the DB either.
     
    thorie, Feb 10, 2010 IP
  5. c4cyber

    c4cyber Well-Known Member

    Messages:
    1,040
    Likes Received:
    27
    Best Answers:
    1
    Trophy Points:
    150
    #5
    it does have slash at echo...bt not in db
    it doesnt even show error while being insert into db...n query runs fine...

    $username="O ' sumon";
    $username=addslashes(4username);
    $qurey="insert into tablename (name)values('$username')";

    i think problem is at db end...coz if addslash wont work here, query cant be executed successfully..
     
    c4cyber, Feb 10, 2010 IP
  6. thorie

    thorie Peon

    Messages:
    35
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    If your string is "O\'reilly", it will store "O'reilly".
    If your string is "O\\\'reilly", it will store "O\'reilly".
    Try it with the extra slashes. It won't show any errors because both of these are perfectly valid.
     
    thorie, Feb 10, 2010 IP
  7. SmallPotatoes

    SmallPotatoes Peon

    Messages:
    1,321
    Likes Received:
    41
    Best Answers:
    0
    Trophy Points:
    0
    #7
    addslashes() is the worst thing in the universe. Never use it.

    If you are inserting into MySQL, use mysql_real_escape_string().
     
    SmallPotatoes, Feb 13, 2010 IP
  8. Bec0de

    Bec0de Well-Known Member

    Messages:
    46
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    115
    #8
    You can use that function instead of mysql_real_escape_string() (Doesn't matter if magic quotes is enabled/disabled).
    
function magic_clean($input){
	if (get_magic_quotes_gpc()) {
		$input = mysql_real_escape_string(stripslashes($input));
	}else{
		$input = mysql_real_escape_string($input);
	}
	return $input;
}
    PHP:
     
    Bec0de, Feb 13, 2010 IP