Thread: Add Slashes

    #1
  1. No Profile Picture
    Indie Poser Punk
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Location
    Wayne, PA
    Posts
    216
    Rep Power
    15
    Ok...I'm writing from a form to a MySQL database and the database doesn't like apostrophes. Can someone tell me where this code is screwey? Thanks!

    <?php

    addslashes($sk1,$sk2,$sk3,$sk4,$sk5,$sk6,$sk7,$sk8,$sk9,$sk10,$sk11,$sk12,$sk13,$sk14,$sk15,$sk16,$s k17,$sk18,$sk19,$sk20,$sk21,$sk22,$sk23,$sk24,$sk25,$sk26,$sk27,$sk28,$sk29,$sk3 0,$sk31,$sk32,$sk33,$sk34,$sk35);


    if ($submit) {
    //process the form
    $db = mysql_connect('databaseip', databasename, databasepassowrd);
    mysql_select_db("databasename",$db);
    $sql = "INSERT INTO tablename (sk1,sk2,sk3,sk4,sk5,sk6,sk7,sk8,sk9,sk10,sk11,sk12,sk13,sk14,sk15,sk16,sk17,sk18,sk19,sk20,sk21,sk2 2,sk23,sk24,sk25,sk26,sk27,sk28,sk29,sk30,sk31,sk32,sk33,sk34,sk35) VALUES ('$sk1','$sk2','$sk3','$sk4','$sk5','$sk6','$sk7','$sk8','$sk9','$sk10','$sk11','$sk12','$sk13','$sk 14','$sk15','$sk16','$sk17','$sk18','$sk19','$sk20','$sk21','$sk22','$sk23','$sk 24','$sk25','$sk26','$sk27','$sk28','$sk29','$sk30','$sk31','$sk32','$sk33','$sk34','$sk35')";
    $result = mysql_query($sql);

    require("thanks.inc");

    } else {

    //display the form

    ?>
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2000
    Posts
    669
    Rep Power
    15
    The problem is that you cannot just run addslashes() you need to assign the result of the addslashes() function to a variable.

    like:

    $sk1 = addslashes($sk1);

    Unfortunately you will need to to it for everyone of them or use

    while(list($key,$val) = each($HTTP_POST_VARS)) {
    $val = addslashes($val);
    }
    reset($HTTP_POST_VARS);
    extract($HTTP_POST_VARS);

    Now run your query
  4. #3
  5. No Profile Picture
    Indie Poser Punk
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Location
    Wayne, PA
    Posts
    216
    Rep Power
    15
    Thanks! I'm doing it the hard way now (with all by assigning the value to each one), but am a bit confused with the following code:

    while(list($key,$val) = each($HTTP_POST_VARS)) {
    $val = addslashes($val);
    }
    reset($HTTP_POST_VARS);
    extract($HTTP_POST_VARS);

    I understand the theory, but it isn't working. Thanks for the help!


  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2000
    Posts
    669
    Rep Power
    15
    Here I tested this one

    while(list($key,$val) = each ($HTTP_POST_VARS)) {
    $newarray[$key] = addslashes($val);
    }
    extract($newarray);
  8. #5
  9. No Profile Picture
    Indie Poser Punk
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Location
    Wayne, PA
    Posts
    216
    Rep Power
    15
    Ok...am I supposed to change any of that code? I cut and pasted it right before my if($submit) statement and here is what i get in the browser above my form:

    Warning: Variable passed to each() is not an array or object in /home/chocodog/bittergravity-www/skippys/indexslash.php3 on line 23

    Warning: Wrong datatype in call to extract() in /home/chocodog/bittergravity-www/skippys/indexslash.php3 on line 26

    I really appreciate all you help.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Jul 2000
    Posts
    669
    Rep Power
    15
    It should go right inside the if ($submit) and you are using the POST method to submit your form, right? If not you need to change the $HTTP_POST_VARS to $HTTP_GET_VARS
  12. #7
  13. No Profile Picture
    Indie Poser Punk
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2000
    Location
    Wayne, PA
    Posts
    216
    Rep Power
    15
    I was using the POST method, but putting the script within the if($submit) did the trick! Thanks for the help. I am now going to study that code you sent so I can figure out how it works. Thanks!

IMN logo majestic logo threadwatch logo seochat tools logo