mysql « Kevin Pajak – Interactive Web Developer/Designer – BLOG

Posts Tagged ‘mysql’

How to replace a backslash character in a string

Friday, February 12th, 2010

Ah, so often it’s the little things eh…

PROBLEM: I needed to find a way to “re-process” text a user enters for a live chat client I’m working on (in which I prevented MySQL database injections via the mysqli_real_escape_string function). The problem of course is that the text the user enters nicely protects you from a MySQL database injection, BUT the text then comes back full of backslash (\) characters (not too cool looking huh). So, to remove these, you can use the following code (here, I use the PHP str_replace function:

// Convert escaped characters back to regular text
$string = str_replace("\\", "", $string);

Thanks to Geoff Muldoon for this one!:
How to replace a backslash character in a string?

Tags: , ,
Posted in Web Dev/Design | 1 Comment »

mysqli_real_escape requires TWO parameters!

Thursday, February 11th, 2010

Props to this really useful post on PHPFreaks.com:
http://www.phpfreaks.com/forums/index.php?topic=219045.0

I was having some issues with a mysqli_real_escape_string function that I had converted from mysql to mysqli I believe that the mere mysql version of this tag can function with just a $value, but the mysqli version requires TWO PARAMETERS: both the $connection variable, and the $string (whatever variable your particular function uses. The one I have here goes through all posts in a foreach statement and escapes the values of all posts using an array (to prevent MySQL injections).

Ex:
//This stops SQL Injection in POST vars
foreach ($_POST as $key => $value) {
$_POST[$key] = mysqli_real_escape_string($connection, $value);
}

$connection = whichever variable you would normally use to reference connection to your MySQL database(s).

THIS POST solved my problem! (Thanks a lot Bendude14!)

Tags: ,
Posted in Web Dev/Design | No Comments »