insert statments via Post

Posted on 2006-06-02
Last Modified: 2006-11-18
I have a form with a textArea control on, which I want to be able to put several SQL statments in.
insert into myTable values('hello1','Test');
insert into myTable values('hello2','Test');
insert into myTable values('hello3','Test');
insert into myTable values('hello4','Test');

However when I use the statment on the reciving page
echo $_Post['txtSqlStatment'];

I get:-
insert into myTable values(\'hello1\',\'Test\'); insert into myTable values(\'hello2\',\'Test\'); insert into myTable values(\'hello3\',\'Test\'); insert into myTable values(\'hello4\',\'Test\');

which then doesnt work cause of all the stupid '\'

Any ideas why, and how to get around this?
Question by:tonelm54
    LVL 49

    Accepted Solution

    You can do:

    echo stripslashes($_POST['txtSqlStatement']);

    Or include this code in the top of your file:

     * Common used snippet to cancel out magic quotes

      function stripslashes_deep($value)
          return (is_array($value)
                  ? array_map('stripslashes_deep', $value)
                  : stripslashes($value)

      if (get_magic_quotes_gpc()) {
          $_GET    = array_map('stripslashes_deep', $_GET);
          $_POST   = array_map('stripslashes_deep', $_POST);
          $_COOKIE = array_map('stripslashes_deep', $_COOKIE);

    LVL 11

    Expert Comment

    You could also turn off magic_quotes.
    Ask your server admin - magic_quotes cause more issues than they solve.
    magic_quotes_runtime is ever worse!

    See this site for more info:

    ; Magic quotes

    ; Magic quotes for incoming GET/POST/Cookie data.
    magic_quotes_gpc = Off

    ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
    magic_quotes_runtime = Off

    ; Use Sybase-style magic quotes (escape ' with '' instead of \').
    magic_quotes_sybase = Off

    php_flag magic_quotes_gpc Off

    if (get_magic_quotes_gpc()) {
        function stripslashes_deep($value)
            $value = is_array($value) ?
                        array_map('stripslashes_deep', $value) :

            return $value;

        $_POST = array_map('stripslashes_deep', $_POST);
        $_GET = array_map('stripslashes_deep', $_GET);
        $_COOKIE = array_map('stripslashes_deep', $_COOKIE);

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    A colleague recently asked me about how to give his client a small part of the web site that could be completely under the client's control.  Since I have done this sort of thing before to add emergency banners to a web site, I decided I would creat…
    Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to dynamically set the form action using jQuery.

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    6 Experts available now in Live!

    Get 1:1 Help Now