[ale] [OT] .php logic problem
Ronald Chmara
ron at Opus1.COM
Thu Aug 7 14:48:11 EDT 2003
On Thursday, August 7, 2003, at 02:02 PM, James P. Kinney III wrote:
> IANAPHPE (I am not a PHP expert).
> It looks to me that you need some logic code to handle the \' issue.
> if character_before(') eq "\" do_nothing else sed s/'/\'/
> Now the character_before function I can do in perl with string
> counting.
> No clue how to do this in php.
http://www.php.net/manual/en/function.strpos.php
> On Thu, 2003-08-07 at 13:51, ChangingLINKS.com wrote:
>> I have spent a lot of time on a weird php problem.
>> I am trying to make sure that the ' character is always escaped in my
>> database.
>> * I do not have the ability to configure the server.
>> * I do not know or care to know if magic_quotes_gpc is ON
>> * htmlspecchar is not an option
>>
>> I am using a form to update a field in the table.
>> 1. If I use addslashes over and over like this:
>> $description = addslashes($description);
>> each time I click "update" it adds more and more slashes. (\\\\')
Ayup. Quite amusing, ain't it?
>> 2. If I stripslashes and addslashes like this:
>> $description = stripslashes($description);
>> $description = addslashes($description);
>> this results in ' (no slashes) (why?)
Make sure you read:
http://bugs.php.net/bug.php?id=15711
There is a bit of confusion about how addslashes is supposed to work....
>> 3. If I try getting fancy, I get lost like this:
>> $description = stripslashes($description);
>> $description = ereg_replace("'", "3edc1", $description);
>> $description = ereg_replace("3edc1", "'", $description);
>> $description = addslashes($description);
>> this still results in ' (no slashes)
FWIW, ereg and preg are horrid, vile, despicable CPU wasters for
something this simple. Did I mention they're big, too? :-) It's not
perl, it's PHP, there are tons of string functions so you can avoid
regexps....
http://www.php.net/manual/en/function.str-ireplace.php
http://www.php.net/manual/en/function.str-replace.php
http://www.php.net/manual/en/function.strtr.php
Are *all* much faster. I know it doesn't help your problem, I just
dislike seeing slow code. :-)
>> 4. My goal is to always end up with \' in the database after I update
>> How do I do that?
Well, what I generally do is have one "screen" variable, and one db
variable. Depending on the db, I like to use:
http://www.php.net/manual/en/function.mysql-escape-string.php
http://www.php.net/manual/en/function.pg-escape-string.php
(etc.)
The addslashes function isn't super-bright about db-specific quote and
character issues, which is why there are separate PHP functions for
each db. Typically, my code looks like:
<?php
$screendescription = stripslashes("$description");
$dbdescription = pg_escape_string("$screendescription");
// etc...
?>
A totally odd side thought:
Perhaps your db viewing method is stripping out the "\'", so the insert
*is* slashing, but you're not aware of it? Or PHP is slashing, but
evaluating to screen (via echo) in unexpected ways (see above bug)....
Or am I misreading, and you're *not* trying to store "O'brien" in the
database, but "O\'brien", in which case you want to be inserting
"O\\\'brien"?
-Bop
Ronald Chmara
Ronin Professional Consulting LLC
520-326-6109
"I can see you're really upset about this. I honestly think you ought
to sit down calmly, take a stress pill and think things over." --Hal.
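
The slash pile-up from item 1 and the "one screen variable, one db variable" approach from the reply, as an added example that is not part of the original message. It swaps the reply's pg_escape_string call for PDO bound parameters against an in-memory SQLite database (assumption: the pdo_sqlite extension is loaded); the form value and the table name are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PHP with pdo_sqlite.
$input = "O'brien's \"notes\"";   // constructed form value, exactly as typed

// 1. Re-escaping text that is already escaped: every "update" click runs
//    addslashes() on the previous result, so the backslashes accumulate.
$value = $input;
for ($click = 1; $click <= 3; $click++) {
    $value = addslashes($value);
    echo "addslashes pass $click: $value\n";
}

// 2. Keep one raw "screen" value and let the driver carry it as a bound
//    parameter. No escape function is called, so there is nothing to
//    apply twice, and the quote cannot terminate the SQL string.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, description TEXT)');
$db->exec("INSERT INTO items (id, description) VALUES (1, '')");

$update = $db->prepare('UPDATE items SET description = :d WHERE id = :id');
$select = $db->prepare('SELECT description FROM items WHERE id = :id');

$screen = $input;
for ($click = 1; $click <= 3; $click++) {
    $update->execute([':d' => $screen, ':id' => 1]);

    $select->execute([':id' => 1]);
    $stored = $select->fetchColumn();
    $select->closeCursor();

    // The stored value is what the form shows for the next click.
    $screen = $stored;
    echo "bound update $click: $stored\n";
}

// The database holds the text unchanged after three round trips.
var_dump($stored === $input);

// Output escaping is a separate step, applied only when rendering HTML.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
```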