A fix against single quote mess in mysql 1

[Sleidia]

Hello,

I've always designed sites in English and Japanese. But now, I have to make a French version and I am doomed by
the single quotes ( apostrophes ) that produce plenty of
backslashes when inserted in a mysql database.

Putting "set_magic_quotes_runtime (1);" on the top of the
code would prevent errors to say hello to me but this is painful to get all those backslashes when updating data over and over.

I went here ...

http://php.ca/manual/fr/function.addslashes.php

...but I didn't manage to find a solution that could fit
easily (without re-organizing the whole previous code) in my present and past projects.

Does anyone know how to fix it?
Thanks a lot to the one who will have to kindness to give some useful feedback.

Have a good day.

My Work...

http://www.pariswave.com

http://www.tppro.com

http://www.france.jalpak.fr

http://www.tokyo-gas.co.jp/IR/ir_j.html

http://www.scandinavia.co.jp

...and More...

 

[KarveR]

This one may be more useful :

http://www.php.net/manual/en/function.mysql-real-escape-string.php

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[phpPete]

I found this on SitePoint.com

---
magic_quotes, addslashes(), and stripslashes()
magic_quotes_gpc, when on, automatically adds slashes to all GET/POST/COOKIE data so that you don't need to use addslashes() before using GET/POST/COOKIE data in MySQL queries, etc. (e.g. with magic_quotes_gpc OR addslashes(), I'm becomes I\'m). Well, magic_quotes_gpc is no convenience and just complicates things! Forum member HarryF has written an article entitled Slash 'em: The War Against Magic Quotes.

http://www.pinkgoblin.com/quotesarticle.php

Since magic_quotes_gpc can be on or off, you don't know whether to use addslashes() or not. You don't want to use addslashes() when magic_quotes_gpc is on because you'll add too many slashes (e.g. I'm becomes I\\\'m), which is bad. Use addslashes() if magic_quotes_gpc is off, and don't if it's on (you can find out its setting with get_magic_quotes_gpc()). But you can't use the same code all the time. One workaround is something such as:


PHP:--------------------------------------------------------------------------------
if (!get_magic_quotes_gpc()) { $txt = addslashes($txt); }

--------------------------------------------------------------------------------


Things are further complicated if you want to first manipulate text that has had magic_quotes_gpc applied. You then have some text that has slashes added and some that doesn't. The effect of this is: some text will be wrong whether you use addslashes() or not.

It's easiest to turn off magic_quotes_gpc, which I recommend, and use addslashes() manually all the time and not worry about the wrong amount of slashes. This is what it says in the recommended php.ini:


quote:
--------------------------------------------------------------------------------
magic_quotes_gpc = Off
Input data is no longer escaped with slashes so that it can be sent into SQL databases without further manipulation. Instead, you should use the function addslashes() on each input element you wish to send to a database.
--------------------------------------------------------------------------------



As I said above, if you use addslashes() when magic_quotes_gpc is on, too many slashes will be added. For inserting I'm into MySQL, you want it to be I\'m (and it will come out as I'm). Using addslashes() with magic_quotes_gpc, however, will give you I\\\'m. THAT will come out of MySQL as I\'m, which is not the original text. Most people assume that you are supposed to use stripslashes() when retrieving data from MySQL because otherwise they have slashes in their text. But that's fixing a problem that should never have occurred. If you have to use stripslashes() on text from your database, it's because you added too many slashes when you inserted it. You should never have to use stripslashes() on text from your database. If you do, you need to fix the problem at the source, rather than after the fact.

You can turn off magic_quotes_gpc in php.ini or like this in a .htaccess file:


code:
--------------------------------------------------------------------------------

<IfModule mod_php4.c>
php_flag magic_quotes_gpc off
</IfModule>

--------------------------------------------------------------------------------



If that's not possible, you can put the following code at the top of all your files (in a require or include). It will strip the slashes that magic_quotes_gpc added, virtually turning it off.


code:
--------------------------------------------------------------------------------

function strip_magic_quotes($arr)
{
foreach ($arr as $k => $v)
{
if (is_array($v))
{
$arr[$k] = strip_magic_quotes($v);
}
else
{
$arr[$k] = stripslashes($v);
}
}

return $arr;
}

if (get_magic_quotes_gpc())
{
if (!empty($_GET)) { $_GET = strip_magic_quotes($_GET); }
if (!empty($_POST)) { $_POST = strip_magic_quotes($_POST); }
if (!empty($_COOKIE)) { $_COOKIE = strip_magic_quotes($_COOKIE); }
}

 

[Sleidia]

Thanks a lot phpPETE !
Lots of useful info here.

A star and all my greetings to you! My Work...

http://www.pariswave.com

http://www.tppro.com

http://www.france.jalpak.fr

http://www.tokyo-gas.co.jp/IR/ir_j.html

http://www.scandinavia.co.jp

...and More...