#1
    Robert_J_Sherman
    Encountered a problem when moving data from a temporary table.

    Problem occurs, and it makes sense to me, when an entry contains an (') apostrophe.

    Naturally we need an escape character. (')

    Granted, when we insert the data from a form, there isn't a problem..

    Can anyone offer a solution?

    I know I could use the addslashes function to do this, given the size of the table, just wondering if there's another way?
#2
    There are a couple magic_quote settings in the php.ini file. One of them (runtime I think) will add slashes to data pulled out of a database into the script. Maybe you should enable this? Otherwise, you'll have to use addslashes.

    Have you looked into doing an INSERT INTO table SELECT * FROM table kind of thing? Depends what database you're using and version whether this is allowed or not.

    ---John Holmes...

    ------------------
    *************************************************************
    * The manual can probably answer 90% of your questions...
    *
    * PHP Manual. www.php.net/manual
    * MySQL Manual: www.mysql.com/documentation/mysql/bychapter
    *************************************************************
#3
    insert ... select ... is probably the best way to go if you can. If not, magic_quotes_runtime will do as John says, but I don't recommend setting it in php.ini, as for most pages you WON'T want it enabled. Instead use set_magic_quotes_runtime(1) at the top of the script to enable it for that script.
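
The `INSERT ... SELECT` move suggested above, as an added example that is not code from the thread. It uses PDO with an in-memory SQLite database so it runs stand-alone; the table and column names (`signup_tmp`, `members`) and the sample row are assumptions, and the same statement shape works on MySQL.

```php
<?php
// Added example: constructed schema and data, hypothetical table names.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup_tmp (session_id TEXT, name TEXT, email TEXT)');
$db->exec('CREATE TABLE members (name TEXT, email TEXT)');

// Form input is bound as a parameter, so the apostrophe is only data.
$ins = $db->prepare(
    'INSERT INTO signup_tmp (session_id, name, email) VALUES (?, ?, ?)');
$ins->execute(['sess-1', "Jim O'Reilly", 'jim@example.test']);

// 1) The failure from the first post: a value fetched from one table is
//    pasted into the SQL text for the other, and the apostrophe ends the
//    string literal early.
$row = $db->query("SELECT name, email FROM signup_tmp WHERE session_id = 'sess-1'")
          ->fetch(PDO::FETCH_ASSOC);
try {
    $db->exec("INSERT INTO members (name, email)
               VALUES ('{$row['name']}', '{$row['email']}')");
} catch (PDOException $e) {
    echo "concatenated insert failed: ", $e->getMessage(), "\n";
}

// 2) Move the row inside the database. The name never passes through PHP
//    string handling, so there is nothing to escape; only the session id
//    is supplied from the script, and it is bound.
$move = $db->prepare(
    'INSERT INTO members (name, email)
     SELECT name, email FROM signup_tmp WHERE session_id = ?');
$cleanup = $db->prepare('DELETE FROM signup_tmp WHERE session_id = ?');

$db->beginTransaction();
$move->execute(['sess-1']);
$cleanup->execute(['sess-1']);
$db->commit();

// The stored value is byte-for-byte what the user typed.
echo $db->query('SELECT name FROM members')->fetchColumn(), "\n";
```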
#4
    Robert_J_Sherman
    Thanks for the replies, a couple of names I trust. This problem really caught me off guard. I never even thought about this one.

    As I played with this I noticed, and think that the problem is a combination of things.

    I have a couple of hidden fields in the document, which also carry the "name", when an apostrophe was inserted into the name, by the third step of the process, the "name" had 3 "" in there...

    Looks to me like I also need to slip in the "stripslashes()" in a few places.

    I obviously don't need the "addslashes()" when inserting to the db, directly from the form... the forms already seem to add slashes.

    Sepod, I don't believe I follow your reference?

    Since I perform the "insert" at one point. With each step of the form I perform an "update" to/of the "temporary" table.

    Once the process is successfully completed, we then do a "select *" and perform the final "insert".

    Since I'm using a "mysql_fetch_array" on the select, it wouldn't be too much to addslashes() at that point.

    $rows=@mysql_fetch_array($result);
    $name = addslashes($rows["name"]);

    I'm guessing that I should add the stripslashes() to the variables when "echoed" as the form fields value...

    <input type="text" name="name" value="<?php echo stripslashes($name); ?>">

    I'd probably choose the above over the magic_quotes settings.. that one is very new to me, and I'm still not sure I understand that one.
#5
    I'm not following the flow of things here. Are you pulling data out of a table, showing it in a form, submitting the form and putting the data into a new table?

    Data pulled out of a table and shown on a page will not need any modification.

    Data pulled out of a table and inserted into another table will need addslashes()

    Data submitted by a form and inserted into a table will not need any modifications.

    Data submitted in a form and shown on a page will need stripslashes()

    That's with magic_quotes_gpc = On, magic_quotes_runtime = Off, which is the default, in the php.ini file.

    If that doesn't help, explain the flow of things and the code you are using...

    ---John Holmes...
#6
    Robert_J_Sherman
    Sepod,

    Okay, the flow of the form in question is a "multi-step" form. Once each step is submitted, the input is stored in a temporary table.

    With the exception of a couple of fields which are carried from step to step.. namely a "name" field.

    Once they reach the final step, the information is then queried and displayed for a "final" verification..

    Once they accept it, it's then moved into the permanent table.

    I did actually solve the issue in question, by strategically placing the add and stripslashes() functions.

    The ultimate cause of things was that with each step, a slash was being added, so what I would wind up with was a form field value that contained a number of slashes, like: Jim O'Reilly..

    This seemed to cause an sql error, which resulted in the moved data to be lost somewhere.. It was odd.. and certainly not anticipated.

    ------------------
    SnR Graphics,
    Low Cost Hosting and Web Development.
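
The slash build-up across form steps described in the last post, as an added example that is not code from the thread. It simulates the round trip without HTTP; the function names are hypothetical, and `addslashes()` stands in for `magic_quotes_gpc`, which was removed in PHP 5.4.

```php
<?php
// Added example: simulates a value carried through a multi-step form.

// What the thread describes: each submit escapes the value again before it
// is written back into the hidden field, so backslashes accumulate.
function carry_with_addslashes(string $name, int $steps): string {
    for ($i = 0; $i < $steps; $i++) {
        $name = addslashes($name);   // stands in for magic_quotes_gpc per POST
    }
    return $name;
}

// Alternative: keep the raw value end to end and encode only for the context
// it is written into. For an HTML attribute that is htmlspecialchars(), which
// also stops a quote in the name from closing the attribute.
function hidden_field(string $field, string $raw): string {
    return sprintf('<input type="hidden" name="%s" value="%s">',
        htmlspecialchars($field, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'));
}

// What a browser would post back for that field: the attribute value with
// HTML entities decoded.
function posted_value(string $html): string {
    preg_match('/value="([^"]*)"/', $html, $m);
    return htmlspecialchars_decode($m[1], ENT_QUOTES);
}

$raw = 'Jim O\'Reilly "Jr"';   // constructed input

// Three steps of re-escaping: the backslash count grows at every step.
echo carry_with_addslashes($raw, 3), "\n";

// Three steps of encode-on-output: the value comes back unchanged each time.
$name = $raw;
for ($step = 1; $step <= 3; $step++) {
    $name = posted_value(hidden_field('name', $name));
}
var_dump($name === $raw);
```

With the raw value preserved this way, the database write needs no `addslashes()`/`stripslashes()` balancing at all if the value is bound as a query parameter.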
