Inserting the plus operator? 2

[jisoo23]

Hey everyone,

I've been looking for a solution for this but haven't been able to find it on google. I'm attempting to insert into a varchar field a value which includes the operator plus. Meaning I'm trying to enter a value like '10+'. Problem is that mysql doesn't like it.

This value is being entered via a PHP form, I already have mysql_real_escape_string already being performed on it but it seems to not pick up arithmetic operator characters. Can anyone suggest a solution?

Thanks in advance,
Jisoo23

 

[KarveR]

I seem top remeber something about addslashes($sql) in php to preserve literals.

May be wrong, its been a year or 3 now

http://uk.php.net/manual/en/function.addslashes.php

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[jisoo23]

Yeah I thought of that one too, unfortunately I think "+" isn't one of the characters it considers... =(

 

[sleipnir214]

How are you trying to do this? If I go to the mysql add (on a Linux box) and perform the query "INSERT INTO foo (someval) VALUES ('10+');", MySQL takes it.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jisoo23]

I take the value in through a form, then send that value through this function:

// Quote variable to make safe
function quote_smart($value)
{
   // Stripslashes
   if (get_magic_quotes_gpc()) {
	   $value = stripslashes($value);
   }
   // Quote if not integer
   if (!is_numeric($value)) {
	   $value = "'" . mysql_real_escape_string($value) . "'";
   }
   return $value;
}

Then I enter it in via mysql_query(). Maybe there's something wrong with the logic of my function?

Thanks,
Jisoo23

 

[sleipnir214]

Maybe. Maybe not.

What is the exact SQL query your script produces and hands to MySQL to process?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jisoo23]

Here's the relevant snippet...

	$value1 = quote_smart($_POST[field1]);
	$sql = "INSERT INTO table1 (column1) VALUES ($value2)";

	if (mysql_query($sql, $conn)) {
		echo "Entry successful.  Click <a href='index.php'>here</a>";
		exit;
	}

 

[sleipnir214]

No, that's not what I asked for.

I do not want to see the code the produced the query. I want to see the query itself.

Change:

$sql = "INSERT INTO table1 (column1) VALUES ($value2)"

To:

$sql = "INSERT INTO table1 (column1) VALUES ($value2)"
print $sql;

and post here what is output to the browser.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jisoo23]

Well that's weird. I performed the exact same query as I executed last night only this time the query was successful. I checked the table to verify that it inserted correctly and it did! I didn't make any changes to coding...I'm not sure what happened but it seems to accept the "+" character with no problem =/

Well hopefully it won't pop up again. I appreciate your quick responses though, I gave everyone a star!

Thanks!
Jisoo23

 

[sleipnir214]

I think you've made an incorrect assumption about what is causing the error. That's why I was asking to see the actual query your code produced -- to test whether your assumptions were valid.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jisoo23]

That's probably very likely...I'm going to be using this particular PHP page for some data entry so I may see this error again. I'll just have it print out every SQL statement executed and when the error pops up, I'll post the SQL up here. Thanks sleipnir

 

[sleipnir214]

Or simply output the query as part of the error output when mysql_query() indicates an error.

Want the best answers? Ask the best questions!

TANSTAAFL!!