Re: store backslash in mysql database [message #170729 is a reply to message #170677] |
Wed, 17 November 2010 10:53 |
Helmut Chang
Messages: 22 Registered: September 2010
Karma:
|
Junior Member |
|
|
Am 14.11.2010 20:08, schrieb Jerry Stuckle:
> On 11/13/2010 3:41 AM, Helmut Chang wrote:
>> Am 13.11.2010 04:28, schrieb Jerry Stuckle:
That's, what you wrote:
>>> mysql_real_escape_string() won't change backslashes.
That's, what the manual says:
>> | mysql_real_escape_string() calls MySQL's library function
>> | mysql_real_escape_string, which prepends backslashes to the following
>> | characters: \x00, \n, \r, \, ', " and \x1a.
So the function escapes a backslash.
> You're correct on the specific case of "\n" and I am incorrect. However,
> please read more closely. It does NOT handle every other instance of a
> backslash - it doesn't, for instance, handle \t or \b, both of which are
> valid control characters. In fact, it only handles 5 specific cases.
Sorry, here you confuse the *string* "\t" with the *Tab*-Character,
which can be expressed in PHP by writing:
$data = "A\tB";
This string internally contains no backslash. It contains three
characters. You wrote:
| mysql_real_escape_string() won't change backslashes. It has no way
| to know if, for instance, "\n" is a newline character or a backslash |
and an n.
And I wrote, that it does. And it's irrelevant, that
mysql_real_escape_string() does not escape a tab-character, because
there's no need to. But it must escape a backslash-character, because
mysql itself treats a backslash also as an escaping character:
INSERT INTO foo (bar) VALUES 'A\tB';
INSERT INTO foo (bar) VALUES 'A B';
are equivalent.
But if you want to insert a string "\t", the backslash must be escaped:
INSERT INTO foo (bar) VALUES 'A\\tB';
Here's a script:
<?php
$string1 = "A B";
$string2 = "A\tB";
$string3 = 'A\tB';
var_dump($string1);
var_dump($string2);
var_dump($string3);
$conn = mysql_connect('localhost', 'root', 'xxx');
$escapedString1 = mysql_real_escape_string($string1, $conn);
$escapedString2 = mysql_real_escape_string($string2, $conn);
$escapedString3 = mysql_real_escape_string($string3, $conn);
var_dump($escapedString1);
var_dump($escapedString2);
var_dump($escapedString3);
mysql_select_db('test');
$query = "INSERT INTO CharTest (CharColumn) VALUES ('%s')";
mysql_query(sprintf($query, $escapedString1));
mysql_query(sprintf($query, $escapedString2));
mysql_query(sprintf($query, $escapedString3));
$result = mysql_query('SELECT CharColumn FROM CharTest');
while ($row = mysql_fetch_assoc($result))
var_dump($row['CharColumn']);
mysql_free_result($result);
mysql_close($conn);
?>
|
|
|