Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

AddSlashes function 1

Status
Not open for further replies.
bgarlock

bgarlock

MIS
Jan 23, 2002
173
US
I'm having a strange issue with the PHP AddSlashes function. I have a PHP script that gets information from one ODBC datasource, and UPDATES a MySQL db. I assign the variable from the ODBC datasource, and then perform the AddSlashes function on that variable for inclusion into the MySQL db. This works fine, until the variable has both " and ' in the string. For example, if the variable is: 30" & 40" INV'S -- The AddSlashes function will only escape the quotes, and not the '. If I remove the quotes from the variable, it properly escapes the ', and vice versa. Is this a possible bug in PHP?

PHP 4.0.6 (with upload file patch)
Apache 1.3.22
RH 6.2 Bruce Garlock
bruceg@tiac.net
 
Sort by date Sort by votes
I forgot to mention that the variable passes to the modify script, via a hidden HTML tag (since it is not user input). I found out that I need to use the urlencode function, to get this in there properly.

Now I'm having a problem, with a print script, that I use to automatically print the data, once it's modified.

Here is how I print:

$job_desc = urldecode($job_desc);

define(PRINT_CMD, " lpr -Pis ");

$msg = "-----------------------------\n";
$msg .= "| $type DRAWDOWN REQUEST |\n";
$msg .= "----------------------------- \n";
$msg .= "\n\n";
$msg .= " REPORT RUN: $today\n\n\n";
$msg .= "DATE of Request: $date\n";
$msg .= "Job #: $job_id\n";
$msg .= "Desc: $job_desc\n";
// redirect $msg to system print command
$cmd="echo $msg | ".PRINT_CMD;

// execute the command
exec($cmd);


If the variable $job_desc contains both " and ' in the description, it will NOT print. If the variable contains just " or just ' it prints fine. Any ideas here? Bruce Garlock
bruceg@tiac.net
 
Upvote 0 Downvote
Again, perhaps you should use regex.

But let me think a while....

How does data look like when entered the first time in the database?

What I want to point you to is that you if avoid this double-quotes stuff when data is entered, you wont have to bother later.

Got me? cu, Sascha
 
Upvote 0 Downvote
Ive tried these regex replacements with no success:

$job_desc = eregi_replace("'", "\'", $job_desc);
$job_desc = str_replace("'", "\'", $job_desc);

Not sure why it doesn't work for the ', but it will work for the ".

I'm a little confused as to what you mean by data entered. The variable is being passed to this script by the hidden HTML tag, so there is no user input. It is passing it along from another place. I am also now using the urlencode function, which stores the entry in the db like this:

30%22+%26+40%22+PHP

When I use urldecode, it properly displays the variable on the screen, but printing does not work with the above printing script. I'm guessing this must have something to do with the '. Can you recommend another regex to try?

Thanks for your help. Bruce Garlock
bruceg@tiac.net
 
Upvote 0 Downvote
<?php

$test = &quot;Job desc with ' and \&quot; in it.\n&quot;;

$new_test = preg_replace (&quot;(\')&quot;, &quot;\&quot;&quot;, $test);

echo $test.$new_test;

echo addslashes($test).addslashes($new_test);

?>

HTH, Sascha cu, Sascha
 
Upvote 0 Downvote
I'll give it a try next week - I'm on a &quot;small&quot; vacation, and will be back in next Wednesday to give it a whirl (kind of hard to test a printing function away from a printer :)

That little bit of code looks logical, and looks like it will work. Hopefully I'll be giving you a star next Wednesday :)

Thanks for all your help. Bruce Garlock
bruceg@tiac.net
 
Upvote 0 Downvote
I don't mean to be a pain in the a$$, but are hidden HTML fields really needed? Might not solve the problem, but you'll be a lot better off if you can use session variables.
 
Upvote 0 Downvote
Yes, I certainly could use session variables, but for this application, it's not really necessary. Passing the variable with the hidden tag works just fine.

Regradless, I have found a solution to my problem, by passing the variable that causes my printing to cease through the escapeshellcmd function.

$job_desc = escapeshellcmd($job_desc);

did the trick! Bruce Garlock
bruceg@tiac.net
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

coldbohemia
  • Locked
  • Question
network folder inaccessible from php is_dir function
Replies
2
Views
258
coldbohemia
coldbohemia
Krus1972
  • Locked
  • Question
Special Character Filter Function Problem
Replies
2
Views
135
Unscruffed
Unscruffed
Marine1969
  • Locked
  • Question
DB Connection in Function Call 1
Replies
4
Views
165
Marine1969
Marine1969
someoneneedshelps
  • Locked
  • Question
where is the data in this function?
Replies
5
Views
112
ChrisHirst
ChrisHirst
Geates
  • Locked
  • Question
Static variables and functions 1
Replies
6
Views
311
Geates
Geates

Part and Inventory Search

Sponsor

Back
Top