| function for preserving special characters? [message #186078] |
Fri, 13 June 2014 04:57  |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
When attempting to transfer records from one table to another, certain
records refuse to be.
Such as those with words like "I'm".
What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
I know there is a procedure in PHP for dealing with this.
I just can't find it right now.
Can anyone help on this?
|
|
|
|
| Re: function for preserving special characters? [message #186079 is a reply to message #186078] |
Fri, 13 June 2014 09:03  |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
<noreply(at)example(dot)com> wrote:
> When attempting to transfer records from one table to another, certain
> records refuse to be.
> Such as those with words like "I'm".
> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>
> I know there is a procedure in PHP for dealing with this.
> I just can't find it right now.
> Can anyone help on this?
You need to read up on your database and find how it deals with things
like single-quotes (') in strings that you want to update a column
with. Or rather, how it expects *you* to present the data.
For SQLite, I do this:
$x = str_replace ('\'', '\'\'', $xx);
--
"Freedom is sloppy. But since tyranny's the only guaranteed byproduct of
those who insist on a perfect world, freedom will have to do." -- Bigby Wolf
|
|
|
|
| Re: function for preserving special characters? [message #186080 is a reply to message #186078] |
Fri, 13 June 2014 10:39 |
Doug Miller
Messages: 171
Registered: August 2011
Karma: 0
|
Senior Member |
|
|
richard <noreply(at)example(dot)com> wrote in news:4s7xh8hg1pcy.ov70m21znbte$.dlg@
40tude.net:
> When attempting to transfer records from one table to another, certain
> records refuse to be.
> Such as those with words like "I'm".
> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
That alone should be sufficient for you to realize that the problem isn't what you think it is.
|
|
|
|
|
|
|
|
| Re: function for preserving special characters? [message #186083 is a reply to message #186079] |
Fri, 13 June 2014 13:32 |
Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
Tim Streater wrote:
> In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
> <noreply(at)example(dot)com> wrote:
>
>> When attempting to transfer records from one table to another, certain
>> records refuse to be.
>> Such as those with words like "I'm".
>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>
>> I know there is a procedure in PHP for dealing with this.
>> I just can't find it right now.
>> Can anyone help on this?
>
> You need to read up on your database and find how it deals with things
> like single-quotes (') in strings that you want to update a column
> with. Or rather, how it expects *you* to present the data.
>
> For SQLite, I do this:
>
> $x = str_replace ('\'', '\'\'', $xx);
However, remember Bobby Tables: <http://xkcd.com/327/>.
--
Christoph M. Becker
|
|
|
|
| Re: function for preserving special characters? [message #186084 is a reply to message #186083] |
Fri, 13 June 2014 13:42 |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <539afd73$0$6602$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
> Tim Streater wrote:
>
>> In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
>> <noreply(at)example(dot)com> wrote:
>>
>>> When attempting to transfer records from one table to another, certain
>>> records refuse to be.
>>> Such as those with words like "I'm".
>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>
>>> I know there is a procedure in PHP for dealing with this.
>>> I just can't find it right now.
>>> Can anyone help on this?
>>
>> You need to read up on your database and find how it deals with things
>> like single-quotes (') in strings that you want to update a column
>> with. Or rather, how it expects *you* to present the data.
>>
>> For SQLite, I do this:
>>
>> $x = str_replace ('\'', '\'\'', $xx);
>
> However, remember Bobby Tables: <http://xkcd.com/327/>.
:-) Yeah yeah.
However in this case the guy doing the hacking would be the guy whose
data would be trashed. Why destroy your own data that way when you can
just drag the entire file to the Trash and empty it.
--
"That excessive bail ought not to be required, nor excessive fines imposed,
nor cruel and unusual punishments inflicted" -- Bill of Rights 1689
|
|
|
|
| solved (was: function for preserving special characters?) [message #186085 is a reply to message #186078] |
Fri, 13 June 2014 13:57 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
> When attempting to transfer records from one table to another, certain
> records refuse to be.
> Such as those with words like "I'm".
> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>
> I know there is a procedure in PHP for dealing with this.
> I just can't find it right now.
> Can anyone help on this?
$a=str_replace("'","\'",$a);
Works just fine.
Thanks for the reminder tim.
|
|
|
|
| Re: solved [message #186086 is a reply to message #186085] |
Fri, 13 June 2014 14:14 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 9:57 AM, richard wrote:
> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>
>> When attempting to transfer records from one table to another, certain
>> records refuse to be.
>> Such as those with words like "I'm".
>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>
>> I know there is a procedure in PHP for dealing with this.
>> I just can't find it right now.
>> Can anyone help on this?
>
> $a=str_replace("'","\'",$a);
> Works just fine.
> Thanks for the reminder tim.
>
That might work for sqllite, but it's definitely the WRONG way to do it
in MySQL.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: function for preserving special characters? [message #186087 is a reply to message #186084] |
Fri, 13 June 2014 14:26 |
Christoph Michael Bec
Messages: 207
Registered: June 2013
Karma: 0
|
Senior Member |
|
|
Tim Streater wrote:
> In article <539afd73$0$6602$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
> Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>
>> Tim Streater wrote:
>>
>>> In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
>>> <noreply(at)example(dot)com> wrote:
>>>> > When attempting to transfer records from one table to another,
>> certain
>>>> records refuse to be.
>>>> Such as those with words like "I'm".
>>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>>
>>>> I know there is a procedure in PHP for dealing with this.
>>>> I just can't find it right now.
>>>> Can anyone help on this?
>>>> You need to read up on your database and find how it deals with
>> things
>>> like single-quotes (') in strings that you want to update a column
>>> with. Or rather, how it expects *you* to present the data.
>>>> For SQLite, I do this:
>>>> $x = str_replace ('\'', '\'\'', $xx);
>>
>> However, remember Bobby Tables: <http://xkcd.com/327/>.
>
> :-) Yeah yeah.
>
> However in this case the guy doing the hacking would be the guy whose
> data would be trashed. Why destroy your own data that way when you can
> just drag the entire file to the Trash and empty it.
ACK.
However, my reply was not particularly meant for you, but also for
others who want to do this on otherwise unsanitized user input.
--
Christoph M. Becker
|
|
|
|
| Re: function for preserving special characters? [message #186088 is a reply to message #186087] |
Fri, 13 June 2014 17:23 |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <539b0a09$0$6621$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
> Tim Streater wrote:
>
>> In article <539afd73$0$6602$9b4e6d93(at)newsspool4(dot)arcor-online(dot)net>,
>> Christoph Michael Becker <cmbecker69(at)arcor(dot)de> wrote:
>>
>>> Tim Streater wrote:
>>>
>>>> In article <4s7xh8hg1pcy(dot)ov70m21znbte$(dot)dlg(at)40tude(dot)net>, richard
>>>> <noreply(at)example(dot)com> wrote:
>>>> >> When attempting to transfer records from one table to another,
>>> certain
>>>> > records refuse to be.
>>>> > Such as those with words like "I'm".
>>>> > What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>> >
>>>> > I know there is a procedure in PHP for dealing with this.
>>>> > I just can't find it right now.
>>>> > Can anyone help on this?
>>>> > You need to read up on your database and find how it deals with
>>> things
>>>> like single-quotes (') in strings that you want to update a column
>>>> with. Or rather, how it expects *you* to present the data.
>>>> > For SQLite, I do this:
>>>> > $x = str_replace ('\'', '\'\'', $xx);
>>>
>>> However, remember Bobby Tables: <http://xkcd.com/327/>.
>>
>> :-) Yeah yeah.
>>
>> However in this case the guy doing the hacking would be the guy whose
>> data would be trashed. Why destroy your own data that way when you can
>> just drag the entire file to the Trash and empty it.
>
> ACK.
>
> However, my reply was not particularly meant for you, but also for
> others who want to do this on otherwise unsanitized user input.
Still, it was quite useful as I went back and entered variants of:
xxx'); drop table xyz; --
into some screen entry fields without succeeding in doing any damage.
Either the entry was rejected (by my code) for a numeric field, or was
accepted verbatim and ended up in a database field. Not that this
proves invulnerability, but it's at least a start.
--
"The idea that Bill Gates has appeared like a knight in shining armour to
lead all customers out of a mire of technological chaos neatly ignores
the fact that it was he who, by peddling second-rate technology, led them
into it in the first place." - Douglas Adams
|
|
|
|
| Re: solved [message #186090 is a reply to message #186086] |
Fri, 13 June 2014 18:43 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
> On 6/13/2014 9:57 AM, richard wrote:
>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>
>>> When attempting to transfer records from one table to another, certain
>>> records refuse to be.
>>> Such as those with words like "I'm".
>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>
>>> I know there is a procedure in PHP for dealing with this.
>>> I just can't find it right now.
>>> Can anyone help on this?
>>
>> $a=str_replace("'","\'",$a);
>> Works just fine.
>> Thanks for the reminder tim.
>>
>
> That might work for sqllite, but it's definitely the WRONG way to do it
> in MySQL.
As you continously remind me, this is not an mysql issue.
The table data could care less what characters are in it.
mysqli doesn't give a shit either.
if I code the data with a \ in the column cell, the output will show that
\.
|
|
|
|
| Re: function for preserving special characters? [message #186091 is a reply to message #186081] |
Fri, 13 June 2014 18:45 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 12:37:50 +0100, Paul Herber wrote:
> On Fri, 13 Jun 2014 10:39:59 +0000 (UTC), Doug Miller <doug_at_milmac_dot_com(at)example(dot)com>
> wrote:
>
>> richard <noreply(at)example(dot)com> wrote in news:4s7xh8hg1pcy.ov70m21znbte$.dlg@
>> 40tude.net:
>>
>>> When attempting to transfer records from one table to another, certain
>>> records refuse to be.
>>> Such as those with words like "I'm".
>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>
>> That alone should be sufficient for you to realize that the problem isn't what you think it is.
>
> cue abuse from RTS
Every one is entitled to their opinion.
|
|
|
|
| Re: solved [message #186092 is a reply to message #186090] |
Fri, 13 June 2014 19:01 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 2:43 PM, richard wrote:
> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>
>> On 6/13/2014 9:57 AM, richard wrote:
>>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>
>>>> When attempting to transfer records from one table to another, certain
>>>> records refuse to be.
>>>> Such as those with words like "I'm".
>>>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>>
>>>> I know there is a procedure in PHP for dealing with this.
>>>> I just can't find it right now.
>>>> Can anyone help on this?
>>>
>>> $a=str_replace("'","\'",$a);
>>> Works just fine.
>>> Thanks for the reminder tim.
>>>
>>
>> That might work for sqllite, but it's definitely the WRONG way to do it
>> in MySQL.
>
> As you continously remind me, this is not an mysql issue.
> The table data could care less what characters are in it.
> mysqli doesn't give a shit either.
>
> if I code the data with a \ in the column cell, the output will show that
> \.
>
One again you are WRONG! As evidenced by the failure of the insertions.
And if you would have checked for errors (as you've been told many times
before), you would have found a MySQL error.
I remind you if something is not a MySQL issue when it's not a MySQL
issue. However, you can't learn the difference between PHP and MySQL.
Here's a hint: PHP doesn't care what's in a string. So if neither one
cares, why should the INSERT fail?
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: solved [message #186096 is a reply to message #186092] |
Fri, 13 June 2014 19:44 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
> On 6/13/2014 2:43 PM, richard wrote:
>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>
>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>>
>>>> > When attempting to transfer records from one table to another, certain
>>>> > records refuse to be.
>>>> > Such as those with words like "I'm".
>>>> > What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>> >
>>>> > I know there is a procedure in PHP for dealing with this.
>>>> > I just can't find it right now.
>>>> > Can anyone help on this?
>>>>
>>>> $a=str_replace("'","\'",$a);
>>>> Works just fine.
>>>> Thanks for the reminder tim.
>>>>
>>>
>>> That might work for sqllite, but it's definitely the WRONG way to do it
>>> in MySQL.
>>
>> As you continously remind me, this is not an mysql issue.
>> The table data could care less what characters are in it.
>> mysqli doesn't give a shit either.
>>
>> if I code the data with a \ in the column cell, the output will show that
>> \.
>>
>
> One again you are WRONG! As evidenced by the failure of the insertions.
>
> And if you would have checked for errors (as you've been told many times
> before), you would have found a MySQL error.
>
> I remind you if something is not a MySQL issue when it's not a MySQL
> issue. However, you can't learn the difference between PHP and MySQL.
>
> Here's a hint: PHP doesn't care what's in a string. So if neither one
> cares, why should the INSERT fail?
Jerry, you are argumentative here just to be arguing.
I did put in an error check.
That confirmed that it was the single quotes causing the problem.
What's going to happen when you say:
insert into tabe VALUES('it's').
PHP, not mysqli, kicks back an error right?
PHP sees the third single quote as a mismatch.
To correct this, you must include a \.
Insert into table VALUES('it\'s') is now acceptable.
|
|
|
|
| Re: solved [message #186097 is a reply to message #186096] |
Fri, 13 June 2014 20:09 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 3:44 PM, richard wrote:
> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>
>> On 6/13/2014 2:43 PM, richard wrote:
>>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>
>>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> > On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >
>>>> >> When attempting to transfer records from one table to another, certain
>>>> >> records refuse to be.
>>>> >> Such as those with words like "I'm".
>>>> >> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>> >>
>>>> >> I know there is a procedure in PHP for dealing with this.
>>>> >> I just can't find it right now.
>>>> >> Can anyone help on this?
>>>> >
>>>> > $a=str_replace("'","\'",$a);
>>>> > Works just fine.
>>>> > Thanks for the reminder tim.
>>>> >
>>>>
>>>> That might work for sqllite, but it's definitely the WRONG way to do it
>>>> in MySQL.
>>>
>>> As you continously remind me, this is not an mysql issue.
>>> The table data could care less what characters are in it.
>>> mysqli doesn't give a shit either.
>>>
>>> if I code the data with a \ in the column cell, the output will show that
>>> \.
>>>
>>
>> One again you are WRONG! As evidenced by the failure of the insertions.
>>
>> And if you would have checked for errors (as you've been told many times
>> before), you would have found a MySQL error.
>>
>> I remind you if something is not a MySQL issue when it's not a MySQL
>> issue. However, you can't learn the difference between PHP and MySQL.
>>
>> Here's a hint: PHP doesn't care what's in a string. So if neither one
>> cares, why should the INSERT fail?
>
> Jerry, you are argumentative here just to be arguing.
WRONG.
> I did put in an error check.
> That confirmed that it was the single quotes causing the problem.
>
> What's going to happen when you say:
> insert into tabe VALUES('it's').
> PHP, not mysqli, kicks back an error right?
WRONG.
> PHP sees the third single quote as a mismatch.
WRONG.
> To correct this, you must include a \.
WRONG.
> Insert into table VALUES('it\'s') is now acceptable.
>
It works - but it is not ACCEPTABLE.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: solved [message #186098 is a reply to message #186096] |
Fri, 13 June 2014 20:16 |
Tim Streater
Messages: 328
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
<noreply(at)example(dot)com> wrote:
> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>
>> On 6/13/2014 2:43 PM, richard wrote:
>>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>
>>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> > On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >
>>>> >> When attempting to transfer records from one table to another, certain
>>>> >> records refuse to be.
>>>> >> Such as those with words like "I'm".
>>>> >> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>> >>
>>>> >> I know there is a procedure in PHP for dealing with this.
>>>> >> I just can't find it right now.
>>>> >> Can anyone help on this?
>>>> >
>>>> > $a=str_replace("'","\'",$a);
>>>> > Works just fine.
>>>> > Thanks for the reminder tim.
>>>> >
>>>>
>>>> That might work for sqllite, but it's definitely the WRONG way to do it
>>>> in MySQL.
>>>
>>> As you continously remind me, this is not an mysql issue.
>>> The table data could care less what characters are in it.
>>> mysqli doesn't give a shit either.
>>>
>>> if I code the data with a \ in the column cell, the output will show that
>>> \.
>>>
>>
>> One again you are WRONG! As evidenced by the failure of the insertions.
>>
>> And if you would have checked for errors (as you've been told many times
>> before), you would have found a MySQL error.
>>
>> I remind you if something is not a MySQL issue when it's not a MySQL
>> issue. However, you can't learn the difference between PHP and MySQL.
>>
>> Here's a hint: PHP doesn't care what's in a string. So if neither one
>> cares, why should the INSERT fail?
>
> Jerry, you are argumentative here just to be arguing.
> I did put in an error check.
> That confirmed that it was the single quotes causing the problem.
>
> What's going to happen when you say:
> insert into tabe VALUES('it's').
> PHP, not mysqli, kicks back an error right?
> PHP sees the third single quote as a mismatch.
> To correct this, you must include a \.
> Insert into table VALUES('it\'s') is now acceptable.
Can you post the exact PHP statement you were using?
See, if you were doing something like (I don't know the syntax exactly):
$dbh->mysqli ("insert into table VALUES('it's')");
then if you're using double-quotes (") to delimit the SQL string, PHP
won't care that you have three single quotes inside it. That's just
string data to PHP. What will happen is that mysqli will complain,
because what it gets passed is wrong SQL.
It would still be mysqli complaining if you did this:
$dbh->mysqli ("three coins in a fountain, said Fred");
--
"People don't buy Microsoft for quality, they buy it for compatibility
with what Bob in accounting bought last year. Trace it back - they buy
Microsoft because the IBM Selectric didn't suck much" - P Seebach, afc
|
|
|
|
| Re: solved [message #186099 is a reply to message #186098] |
Fri, 13 June 2014 20:38 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 4:16 PM, Tim Streater wrote:
> In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
> <noreply(at)example(dot)com> wrote:
>
>> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>
>>> On 6/13/2014 2:43 PM, richard wrote:
>>>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>> >>> On 6/13/2014 9:57 AM, richard wrote:
>>>> >> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>
>>>> >>> When attempting to transfer records from one table to another,
>> certain
>>>> >>> records refuse to be.
>>>> >>> Such as those with words like "I'm".
>>>> >>> What's even more confusing is, "It's" won't work, but "Cathy's"
>> is ok?
>>>> >>>
>>>> >>> I know there is a procedure in PHP for dealing with this.
>>>> >>> I just can't find it right now.
>>>> >>> Can anyone help on this?
>>>> >>
>>>> >> $a=str_replace("'","\'",$a);
>>>> >> Works just fine.
>>>> >> Thanks for the reminder tim.
>>>> >>
>>>> >
>>>> > That might work for sqllite, but it's definitely the WRONG way to
>> do it
>>>> > in MySQL.
>>>> >> As you continously remind me, this is not an mysql issue.
>>>> The table data could care less what characters are in it.
>>>> mysqli doesn't give a shit either.
>>>> >> if I code the data with a \ in the column cell, the output will
>> show that
>>>> \.
>>>> > > One again you are WRONG! As evidenced by the failure of the
>> insertions.
>>>> And if you would have checked for errors (as you've been told many
>> times
>>> before), you would have found a MySQL error.
>>>> I remind you if something is not a MySQL issue when it's not a MySQL
>>> issue. However, you can't learn the difference between PHP and MySQL.
>>>> Here's a hint: PHP doesn't care what's in a string. So if neither
>> one
>>> cares, why should the INSERT fail?
>>
>> Jerry, you are argumentative here just to be arguing.
>> I did put in an error check.
>> That confirmed that it was the single quotes causing the problem.
>>
>> What's going to happen when you say:
>> insert into tabe VALUES('it's').
>> PHP, not mysqli, kicks back an error right?
>> PHP sees the third single quote as a mismatch.
>> To correct this, you must include a \.
>> Insert into table VALUES('it\'s') is now acceptable.
>
> Can you post the exact PHP statement you were using?
>
> See, if you were doing something like (I don't know the syntax exactly):
>
> $dbh->mysqli ("insert into table VALUES('it's')");
>
> then if you're using double-quotes (") to delimit the SQL string, PHP
> won't care that you have three single quotes inside it. That's just
> string data to PHP. What will happen is that mysqli will complain,
> because what it gets passed is wrong SQL.
>
> It would still be mysqli complaining if you did this:
>
> $dbh->mysqli ("three coins in a fountain, said Fred");
>
Tim,
No, RTS can't tell the difference between a string containing a single
quote and a string variable containing a single quote.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: solved [message #186100 is a reply to message #186096] |
Fri, 13 June 2014 20:50 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 15:44:58 -0400, richard wrote:
> What's going to happen when you say:
> insert into tabe VALUES('it's').
> PHP, not mysqli, kicks back an error right?
No. the mysql rdbms kicks the error back to through the mysqli interface
to php.
PHP really doesn't care what you put in a string.
mysqli->query() (or mysqli_query()) just takes the string you give it and
passes it to the mysql rdbms as an sql command.
If the string that you assembled in php and passed to the mysql rdbms
using the mysqli interface is not a valid sql statement, then the mysql
rdbms indicates this by returning an error value to the mysqli interface
code which is then passed back to php by setting the result of the mysqli-
> query() (or mysqli_query()) call to false, and also setting an error
number and an error string which can be retrieved with other appropriate
mysqli_*() (or mysqli->*()) calls.
> PHP sees the third single quote as a mismatch.
No, PHP isn't seeing the single quote as a mismatch, mysql is seeing the
single quote as a mismatch. That's why you're getting a mysql error and
not a php error.
> To correct this, you must include a \.
> Insert into table VALUES('it\'s') is now acceptable.
It might appear to be working in this instance, but it is not the correct
way to do this. Have you actually checked that the data that ends up in
the table is what you're assuming it is?
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
|
|
|
|
| Re: solved [message #186101 is a reply to message #186098] |
Fri, 13 June 2014 22:23 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 21:16:00 +0100, Tim Streater wrote:
> In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
> <noreply(at)example(dot)com> wrote:
>
>> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>
>>> On 6/13/2014 2:43 PM, richard wrote:
>>>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>>
>>>> > On 6/13/2014 9:57 AM, richard wrote:
>>>> >> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>
>>>> >>> When attempting to transfer records from one table to another, certain
>>>> >>> records refuse to be.
>>>> >>> Such as those with words like "I'm".
>>>> >>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>>> >>>
>>>> >>> I know there is a procedure in PHP for dealing with this.
>>>> >>> I just can't find it right now.
>>>> >>> Can anyone help on this?
>>>> >>
>>>> >> $a=str_replace("'","\'",$a);
>>>> >> Works just fine.
>>>> >> Thanks for the reminder tim.
>>>> >>
>>>> >
>>>> > That might work for sqllite, but it's definitely the WRONG way to do it
>>>> > in MySQL.
>>>>
>>>> As you continously remind me, this is not an mysql issue.
>>>> The table data could care less what characters are in it.
>>>> mysqli doesn't give a shit either.
>>>>
>>>> if I code the data with a \ in the column cell, the output will show that
>>>> \.
>>>>
>>>
>>> One again you are WRONG! As evidenced by the failure of the insertions.
>>>
>>> And if you would have checked for errors (as you've been told many times
>>> before), you would have found a MySQL error.
>>>
>>> I remind you if something is not a MySQL issue when it's not a MySQL
>>> issue. However, you can't learn the difference between PHP and MySQL.
>>>
>>> Here's a hint: PHP doesn't care what's in a string. So if neither one
>>> cares, why should the INSERT fail?
>>
>> Jerry, you are argumentative here just to be arguing.
>> I did put in an error check.
>> That confirmed that it was the single quotes causing the problem.
>>
>> What's going to happen when you say:
>> insert into tabe VALUES('it's').
>> PHP, not mysqli, kicks back an error right?
>> PHP sees the third single quote as a mismatch.
>> To correct this, you must include a \.
>> Insert into table VALUES('it\'s') is now acceptable.
>
> Can you post the exact PHP statement you were using?
>
> See, if you were doing something like (I don't know the syntax exactly):
>
> $dbh->mysqli ("insert into table VALUES('it's')");
>
> then if you're using double-quotes (") to delimit the SQL string, PHP
> won't care that you have three single quotes inside it. That's just
> string data to PHP. What will happen is that mysqli will complain,
> because what it gets passed is wrong SQL.
>
> It would still be mysqli complaining if you did this:
>
> $dbh->mysqli ("three coins in a fountain, said Fred");
Tim, I experiemented with that.
Double quotes in the values() sends the data in the quotes as is.
eg. values("$string") outputs $string as the data in that columnn.
Not the value you assigned to $string.
|
|
|
|
| Re: solved [message #186102 is a reply to message #186099] |
Fri, 13 June 2014 22:29 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 16:38:04 -0400, Jerry Stuckle wrote:
> On 6/13/2014 4:16 PM, Tim Streater wrote:
>> In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
>> <noreply(at)example(dot)com> wrote:
>>
>>> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>>
>>>> On 6/13/2014 2:43 PM, richard wrote:
>>>> > On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>> > >>> On 6/13/2014 9:57 AM, richard wrote:
>>>> >>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>>
>>>> >>>> When attempting to transfer records from one table to another,
>>> certain
>>>> >>>> records refuse to be.
>>>> >>>> Such as those with words like "I'm".
>>>> >>>> What's even more confusing is, "It's" won't work, but "Cathy's"
>>> is ok?
>>>> >>>>
>>>> >>>> I know there is a procedure in PHP for dealing with this.
>>>> >>>> I just can't find it right now.
>>>> >>>> Can anyone help on this?
>>>> >>>
>>>> >>> $a=str_replace("'","\'",$a);
>>>> >>> Works just fine.
>>>> >>> Thanks for the reminder tim.
>>>> >>>
>>>> >>
>>>> >> That might work for sqllite, but it's definitely the WRONG way to
>>> do it
>>>> >> in MySQL.
>>>> > >> As you continously remind me, this is not an mysql issue.
>>>> > The table data could care less what characters are in it.
>>>> > mysqli doesn't give a shit either.
>>>> > >> if I code the data with a \ in the column cell, the output will
>>> show that
>>>> > \.
>>>> > > > One again you are WRONG! As evidenced by the failure of the
>>> insertions.
>>>> > And if you would have checked for errors (as you've been told many
>>> times
>>>> before), you would have found a MySQL error.
>>>> > I remind you if something is not a MySQL issue when it's not a MySQL
>>>> issue. However, you can't learn the difference between PHP and MySQL.
>>>> > Here's a hint: PHP doesn't care what's in a string. So if neither
>>> one
>>>> cares, why should the INSERT fail?
>>>
>>> Jerry, you are argumentative here just to be arguing.
>>> I did put in an error check.
>>> That confirmed that it was the single quotes causing the problem.
>>>
>>> What's going to happen when you say:
>>> insert into tabe VALUES('it's').
>>> PHP, not mysqli, kicks back an error right?
>>> PHP sees the third single quote as a mismatch.
>>> To correct this, you must include a \.
>>> Insert into table VALUES('it\'s') is now acceptable.
>>
>> Can you post the exact PHP statement you were using?
>>
>> See, if you were doing something like (I don't know the syntax exactly):
>>
>> $dbh->mysqli ("insert into table VALUES('it's')");
>>
>> then if you're using double-quotes (") to delimit the SQL string, PHP
>> won't care that you have three single quotes inside it. That's just
>> string data to PHP. What will happen is that mysqli will complain,
>> because what it gets passed is wrong SQL.
>>
>> It would still be mysqli complaining if you did this:
>>
>> $dbh->mysqli ("three coins in a fountain, said Fred");
>>
>
> Tim,
>
> No, RTS can't tell the difference between a string containing a single
> quote and a string variable containing a single quote.
Jerry, all you're doing now is bashing me.
Makes no difference what the issue is, you just have to bash.
Besides, you fucked up.
You said single quote twice.
(Oh but I meant to say that)
You have stepped down to Evan's level.
|
|
|
|
| Re: solved [message #186103 is a reply to message #186102] |
Fri, 13 June 2014 23:43 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 6:29 PM, richard wrote:
> On Fri, 13 Jun 2014 16:38:04 -0400, Jerry Stuckle wrote:
>
>> On 6/13/2014 4:16 PM, Tim Streater wrote:
>>> In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
>>> <noreply(at)example(dot)com> wrote:
>>>
>>>> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>>>
>>>> > On 6/13/2014 2:43 PM, richard wrote:
>>>> >> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>> >>>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> >>>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>>>
>>>> >>>>> When attempting to transfer records from one table to another,
>>>> certain
>>>> >>>>> records refuse to be.
>>>> >>>>> Such as those with words like "I'm".
>>>> >>>>> What's even more confusing is, "It's" won't work, but "Cathy's"
>>>> is ok?
>>>> >>>>>
>>>> >>>>> I know there is a procedure in PHP for dealing with this.
>>>> >>>>> I just can't find it right now.
>>>> >>>>> Can anyone help on this?
>>>> >>>>
>>>> >>>> $a=str_replace("'","\'",$a);
>>>> >>>> Works just fine.
>>>> >>>> Thanks for the reminder tim.
>>>> >>>>
>>>> >>>
>>>> >>> That might work for sqllite, but it's definitely the WRONG way to
>>>> do it
>>>> >>> in MySQL.
>>>> >>>> As you continously remind me, this is not an mysql issue.
>>>> >> The table data could care less what characters are in it.
>>>> >> mysqli doesn't give a shit either.
>>>> >>>> if I code the data with a \ in the column cell, the output will
>>>> show that
>>>> >> \.
>>>> >>>> One again you are WRONG! As evidenced by the failure of the
>>>> insertions.
>>>> >> And if you would have checked for errors (as you've been told many
>>>> times
>>>> > before), you would have found a MySQL error.
>>>> >> I remind you if something is not a MySQL issue when it's not a MySQL
>>>> > issue. However, you can't learn the difference between PHP and MySQL.
>>>> >> Here's a hint: PHP doesn't care what's in a string. So if neither
>>>> one
>>>> > cares, why should the INSERT fail?
>>>>
>>>> Jerry, you are argumentative here just to be arguing.
>>>> I did put in an error check.
>>>> That confirmed that it was the single quotes causing the problem.
>>>>
>>>> What's going to happen when you say:
>>>> insert into tabe VALUES('it's').
>>>> PHP, not mysqli, kicks back an error right?
>>>> PHP sees the third single quote as a mismatch.
>>>> To correct this, you must include a \.
>>>> Insert into table VALUES('it\'s') is now acceptable.
>>>
>>> Can you post the exact PHP statement you were using?
>>>
>>> See, if you were doing something like (I don't know the syntax exactly):
>>>
>>> $dbh->mysqli ("insert into table VALUES('it's')");
>>>
>>> then if you're using double-quotes (") to delimit the SQL string, PHP
>>> won't care that you have three single quotes inside it. That's just
>>> string data to PHP. What will happen is that mysqli will complain,
>>> because what it gets passed is wrong SQL.
>>>
>>> It would still be mysqli complaining if you did this:
>>>
>>> $dbh->mysqli ("three coins in a fountain, said Fred");
>>>
>>
>> Tim,
>>
>> No, RTS can't tell the difference between a string containing a single
>> quote and a string variable containing a single quote.
>
> Jerry, all you're doing now is bashing me.
> Makes no difference what the issue is, you just have to bash.
> Besides, you fucked up.
> You said single quote twice.
> (Oh but I meant to say that)
>
> You have stepped down to Evan's level.
>
I'm just telling the truth, RTS. And I know I said single quote twice -
I meant to. And anyone with half a brain understands what I said.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: function for preserving special characters? [message #186104 is a reply to message #186078] |
Sat, 14 June 2014 00:45 |
Richard Damon
Messages: 58
Registered: August 2011
Karma: 0
|
Member |
|
|
On 6/13/14, 12:57 AM, richard wrote:
> When attempting to transfer records from one table to another, certain
> records refuse to be.
> Such as those with words like "I'm".
> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>
> I know there is a procedure in PHP for dealing with this.
> I just can't find it right now.
> Can anyone help on this?
>
There are several ways to do this.
The first, is to use "Prepared Statements" to write to the database.
When you do this, you build of the command to perform independent of the
data to process (with place holders), and then connect this to the data
when you execute the prepared statement.
The other option is to use something like mysqli_real_escape_string()
function or mysqli::real_escape_string() (there is also
mysql_real_escaple_string() if you are still using the obsolete mysql
routines). You could also do this with a str_replace, but you need to
determine all the cases that need to be escaped (this isn't as simple as
it might first seem, as the manual implies that this may depend on the
character set selected.
|
|
|
|
| Re: solved [message #186105 is a reply to message #186103] |
Sat, 14 June 2014 00:48 |
Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 19:43:52 -0400, Jerry Stuckle wrote:
> On 6/13/2014 6:29 PM, richard wrote:
>> On Fri, 13 Jun 2014 16:38:04 -0400, Jerry Stuckle wrote:
>>
>>> On 6/13/2014 4:16 PM, Tim Streater wrote:
>>>> In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
>>>> <noreply(at)example(dot)com> wrote:
>>>>
>>>> > On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>>> >
>>>> >> On 6/13/2014 2:43 PM, richard wrote:
>>>> >>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>> >>>>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> >>>>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>>>>
>>>> >>>>>> When attempting to transfer records from one table to another,
>>>> > certain
>>>> >>>>>> records refuse to be.
>>>> >>>>>> Such as those with words like "I'm".
>>>> >>>>>> What's even more confusing is, "It's" won't work, but "Cathy's"
>>>> > is ok?
>>>> >>>>>>
>>>> >>>>>> I know there is a procedure in PHP for dealing with this.
>>>> >>>>>> I just can't find it right now.
>>>> >>>>>> Can anyone help on this?
>>>> >>>>>
>>>> >>>>> $a=str_replace("'","\'",$a);
>>>> >>>>> Works just fine.
>>>> >>>>> Thanks for the reminder tim.
>>>> >>>>>
>>>> >>>>
>>>> >>>> That might work for sqllite, but it's definitely the WRONG way to
>>>> > do it
>>>> >>>> in MySQL.
>>>> >>>>> As you continously remind me, this is not an mysql issue.
>>>> >>> The table data could care less what characters are in it.
>>>> >>> mysqli doesn't give a shit either.
>>>> >>>>> if I code the data with a \ in the column cell, the output will
>>>> > show that
>>>> >>> \.
>>>> >>>>> One again you are WRONG! As evidenced by the failure of the
>>>> > insertions.
>>>> >>> And if you would have checked for errors (as you've been told many
>>>> > times
>>>> >> before), you would have found a MySQL error.
>>>> >>> I remind you if something is not a MySQL issue when it's not a MySQL
>>>> >> issue. However, you can't learn the difference between PHP and MySQL.
>>>> >>> Here's a hint: PHP doesn't care what's in a string. So if neither
>>>> > one
>>>> >> cares, why should the INSERT fail?
>>>> >
>>>> > Jerry, you are argumentative here just to be arguing.
>>>> > I did put in an error check.
>>>> > That confirmed that it was the single quotes causing the problem.
>>>> >
>>>> > What's going to happen when you say:
>>>> > insert into tabe VALUES('it's').
>>>> > PHP, not mysqli, kicks back an error right?
>>>> > PHP sees the third single quote as a mismatch.
>>>> > To correct this, you must include a \.
>>>> > Insert into table VALUES('it\'s') is now acceptable.
>>>>
>>>> Can you post the exact PHP statement you were using?
>>>>
>>>> See, if you were doing something like (I don't know the syntax exactly):
>>>>
>>>> $dbh->mysqli ("insert into table VALUES('it's')");
>>>>
>>>> then if you're using double-quotes (") to delimit the SQL string, PHP
>>>> won't care that you have three single quotes inside it. That's just
>>>> string data to PHP. What will happen is that mysqli will complain,
>>>> because what it gets passed is wrong SQL.
>>>>
>>>> It would still be mysqli complaining if you did this:
>>>>
>>>> $dbh->mysqli ("three coins in a fountain, said Fred");
>>>>
>>>
>>> Tim,
>>>
>>> No, RTS can't tell the difference between a string containing a single
>>> quote and a string variable containing a single quote.
>>
>> Jerry, all you're doing now is bashing me.
>> Makes no difference what the issue is, you just have to bash.
>> Besides, you fucked up.
>> You said single quote twice.
>> (Oh but I meant to say that)
>>
>> You have stepped down to Evan's level.
>>
>
> I'm just telling the truth, RTS. And I know I said single quote twice -
> I meant to. And anyone with half a brain understands what I said.
Jerry, you have stepped down to evan's level for sure.
this is a string: "It's Late".
this is a variable string: $x="It's Late".
The variable is nothing more than a shortcut.
The variable allows us to use the same information over and over and at
numerous places. We don't have to use a variable but it is there.
It is cvalled a variable because the content can change as desired.
I'm done with you here, asswipe.
|
|
|
|
| Re: function for preserving special characters? [message #186106 is a reply to message #186104] |
Sat, 14 June 2014 00:51 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 8:45 PM, Richard Damon wrote:
> On 6/13/14, 12:57 AM, richard wrote:
>> When attempting to transfer records from one table to another, certain
>> records refuse to be.
>> Such as those with words like "I'm".
>> What's even more confusing is, "It's" won't work, but "Cathy's" is ok?
>>
>> I know there is a procedure in PHP for dealing with this.
>> I just can't find it right now.
>> Can anyone help on this?
>>
>
> There are several ways to do this.
>
> The first, is to use "Prepared Statements" to write to the database.
> When you do this, you build of the command to perform independent of the
> data to process (with place holders), and then connect this to the data
> when you execute the prepared statement.
>
> The other option is to use something like mysqli_real_escape_string()
> function or mysqli::real_escape_string() (there is also
> mysql_real_escaple_string() if you are still using the obsolete mysql
> routines). You could also do this with a str_replace, but you need to
> determine all the cases that need to be escaped (this isn't as simple as
> it might first seem, as the manual implies that this may depend on the
> character set selected.
>
Richard,
We've told RTS (Richard the Stupid) this many times but he never learns.
Then he comes back and insults people who try to help him.
That's the reason the regulars in this newsgroup aren't telling him.
We're tired of him arguing (like he is with me earlier in this thread -
and he's ALWAYS wrong) and insulting the rest of us.
And of course he NEVER apologizes.
Just search this newsgroup for RTS and look at some of the threads.
You'll get an eyeful.
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: solved [message #186107 is a reply to message #186105] |
Sat, 14 June 2014 01:39 |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 6/13/2014 8:48 PM, richard wrote:
> On Fri, 13 Jun 2014 19:43:52 -0400, Jerry Stuckle wrote:
>
>> On 6/13/2014 6:29 PM, richard wrote:
>>> On Fri, 13 Jun 2014 16:38:04 -0400, Jerry Stuckle wrote:
>>>
>>>> On 6/13/2014 4:16 PM, Tim Streater wrote:
>>>> > In article <157nwayhe47ig(dot)1exa9x5yqxi59$(dot)dlg(at)40tude(dot)net>, richard
>>>> > <noreply(at)example(dot)com> wrote:
>>>> >
>>>> >> On Fri, 13 Jun 2014 15:01:53 -0400, Jerry Stuckle wrote:
>>>> >>
>>>> >>> On 6/13/2014 2:43 PM, richard wrote:
>>>> >>>> On Fri, 13 Jun 2014 10:14:06 -0400, Jerry Stuckle wrote:
>>>> >>>>>>> On 6/13/2014 9:57 AM, richard wrote:
>>>> >>>>>> On Fri, 13 Jun 2014 00:57:10 -0400, richard wrote:
>>>> >>>>>>
>>>> >>>>>>> When attempting to transfer records from one table to another,
>>>> >> certain
>>>> >>>>>>> records refuse to be.
>>>> >>>>>>> Such as those with words like "I'm".
>>>> >>>>>>> What's even more confusing is, "It's" won't work, but "Cathy's"
>>>> >> is ok?
>>>> >>>>>>>
>>>> >>>>>>> I know there is a procedure in PHP for dealing with this.
>>>> >>>>>>> I just can't find it right now.
>>>> >>>>>>> Can anyone help on this?
>>>> >>>>>>
>>>> >>>>>> $a=str_replace("'","\'",$a);
>>>> >>>>>> Works just fine.
>>>> >>>>>> Thanks for the reminder tim.
>>>> >>>>>>
>>>> >>>>>
>>>> >>>>> That might work for sqllite, but it's definitely the WRONG way to
>>>> >> do it
>>>> >>>>> in MySQL.
>>>> >>>>>> As you continously remind me, this is not an mysql issue.
>>>> >>>> The table data could care less what characters are in it.
>>>> >>>> mysqli doesn't give a shit either.
>>>> >>>>>> if I code the data with a \ in the column cell, the output will
>>>> >> show that
>>>> >>>> \.
>>>> >>>>>> One again you are WRONG! As evidenced by the failure of the
>>>> >> insertions.
>>>> >>>> And if you would have checked for errors (as you've been told many
>>>> >> times
>>>> >>> before), you would have found a MySQL error.
>>>> >>>> I remind you if something is not a MySQL issue when it's not a MySQL
>>>> >>> issue. However, you can't learn the difference between PHP and MySQL.
>>>> >>>> Here's a hint: PHP doesn't care what's in a string. So if neither
>>>> >> one
>>>> >>> cares, why should the INSERT fail?
>>>> >>
>>>> >> Jerry, you are argumentative here just to be arguing.
>>>> >> I did put in an error check.
>>>> >> That confirmed that it was the single quotes causing the problem.
>>>> >>
>>>> >> What's going to happen when you say:
>>>> >> insert into tabe VALUES('it's').
>>>> >> PHP, not mysqli, kicks back an error right?
>>>> >> PHP sees the third single quote as a mismatch.
>>>> >> To correct this, you must include a \.
>>>> >> Insert into table VALUES('it\'s') is now acceptable.
>>>> >
>>>> > Can you post the exact PHP statement you were using?
>>>> >
>>>> > See, if you were doing something like (I don't know the syntax exactly):
>>>> >
>>>> > $dbh->mysqli ("insert into table VALUES('it's')");
>>>> >
>>>> > then if you're using double-quotes (") to delimit the SQL string, PHP
>>>> > won't care that you have three single quotes inside it. That's just
>>>> > string data to PHP. What will happen is that mysqli will complain,
>>>> > because what it gets passed is wrong SQL.
>>>> >
>>>> > It would still be mysqli complaining if you did this:
>>>> >
>>>> > $dbh->mysqli ("three coins in a fountain, said Fred");
>>>> >
>>>>
>>>> Tim,
>>>>
>>>> No, RTS can't tell the difference between a string containing a single
>>>> quote and a string variable containing a single quote.
>>>
>>> Jerry, all you're doing now is bashing me.
>>> Makes no difference what the issue is, you just have to bash.
>>> Besides, you fucked up.
>>> You said single quote twice.
>>> (Oh but I meant to say that)
>>>
>>> You have stepped down to Evan's level.
>>>
>>
>> I'm just telling the truth, RTS. And I know I said single quote twice -
>> I meant to. And anyone with half a brain understands what I said.
>
> Jerry, you have stepped down to evan's level for sure.
Not at all. You're the one arguing from a position of ignorance (and
incompetence).
> this is a string: "It's Late".
> this is a variable string: $x="It's Late".
>
> The variable is nothing more than a shortcut.
No, the variable is MUCH MORE than a shortcut. But you don't understand
that.
> The variable allows us to use the same information over and over and at
> numerous places. We don't have to use a variable but it is there.
> It is cvalled a variable because the content can change as desired.
>
Congratulations - you can read the dictionary (don't know if you can
understand it, though).
But you're just proving your stupidity over and over again, arguing
something about which you know nothing.
>
> I'm done with you here, asswipe.
>
Thanks you!
--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
| Re: function for preserving special characters? [message #186108 is a reply to message #186106] |
Sat, 14 June 2014 02:08 |
Richard Damon
Messages: 58
Registered: August 2011
Karma: 0
|
Member |
|
|
On 6/13/14, 8:51 PM, Jerry Stuckle wrote:
>
> Richard,
>
> We've told RTS (Richard the Stupid) this many times but he never learns.
> Then he comes back and insults people who try to help him.
>
> That's the reason the regulars in this newsgroup aren't telling him.
> We're tired of him arguing (like he is with me earlier in this thread -
> and he's ALWAYS wrong) and insulting the rest of us.
>
> And of course he NEVER apologizes.
>
> Just search this newsgroup for RTS and look at some of the threads.
> You'll get an eyeful.
>
I am familiar with the other "richard", and do normally resist getting
too involved in answering. In this case, is others had given BAD answers
(using str_replace, and NOT taking care to handle even all of the normal
cases), I felt a proper answer needed to be added to avoid leading other
readers down the wrong path.
|
|
|
|
| Re: solved [message #186109 is a reply to message #186102] |
Sat, 14 June 2014 04:20 |
Evan Platt
Messages: 124
Registered: November 2010
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 18:29:11 -0400, richard <noreply(at)example(dot)com>
wrote:
> You have stepped down to Evan's level.
Clueless troll.
You're just upset that I busted you for using a sock puppet because no
one in the SQL group will help your dumb ass.
How's that dome home coming, troll?
Now crawl back under your bridge.
--
To reply via e-mail, remove The Obvious and .invalid from my e-mail address.
|
|
|
|
| Re: solved [message #186113 is a reply to message #186102] |
Sat, 14 June 2014 19:50 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 18:29:11 -0400, richard wrote:
> On Fri, 13 Jun 2014 16:38:04 -0400, Jerry Stuckle wrote:
>> No, RTS can't tell the difference between a string containing a single
>> quote and a string variable containing a single quote.
> You said single quote twice.
He wasn't wrong. Look at the words preceding "a single quote". The fact
that you didn't even notice the difference between the two different
things that he was describing proves he is correct.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
|
|
|
|
| Re: solved [message #186114 is a reply to message #186101] |
Sat, 14 June 2014 20:01 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On Fri, 13 Jun 2014 18:23:12 -0400, richard wrote:
>> It would still be mysqli complaining if you did this:
>> $dbh->mysqli ("three coins in a fountain, said Fred");
> Tim, I experiemented with that.
> Double quotes in the values() sends the data in the quotes as is. eg.
> values("$string") outputs $string as the data in that columnn.
> Not the value you assigned to $string.
That might be because to use double quotes inside the sql statement you
would have had to use single quotes at the php level, and php handles
strings quoted with single and double quotes differently.
--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]