• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

insert statments via Post

I have a form with a textArea control on, which I want to be able to put several SQL statments in.
eg
insert into myTable values('hello1','Test');
insert into myTable values('hello2','Test');
insert into myTable values('hello3','Test');
insert into myTable values('hello4','Test');

However when I use the statment on the reciving page
echo $_Post['txtSqlStatment'];

I get:-
insert into myTable values(\'hello1\',\'Test\'); insert into myTable values(\'hello2\',\'Test\'); insert into myTable values(\'hello3\',\'Test\'); insert into myTable values(\'hello4\',\'Test\');

which then doesnt work cause of all the stupid '\'

Any ideas why, and how to get around this?
0
tonelm54
Asked:
tonelm54
1 Solution
 
RoonaanCommented:
You can do:

echo stripslashes($_POST['txtSqlStatement']);

Or include this code in the top of your file:

<?php
/*
 * Common used snippet to cancel out magic quotes
 * http://php.net/manual/en/function.get-magic-quotes-gpc.php#52090
 *
 */

  function stripslashes_deep($value)
  {
      return (is_array($value)
              ? array_map('stripslashes_deep', $value)
              : stripslashes($value)
             );
  }

  if (get_magic_quotes_gpc()) {
      $_GET    = array_map('stripslashes_deep', $_GET);
      $_POST   = array_map('stripslashes_deep', $_POST);
      $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  }
?>

-r-
0
 
neesterCommented:
You could also turn off magic_quotes.
Ask your server admin - magic_quotes cause more issues than they solve.
magic_quotes_runtime is ever worse!

See this site for more info:
http://www.zend.com/manual/security.magicquotes.disabling.php

PHP.INI
; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off


.HTACCESS
php_flag magic_quotes_gpc Off


PHP
<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
?>
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Tackle projects and never again get stuck behind a technical roadblock.
Join Now