?
Solved

insert statments via Post

Posted on 2006-06-02
2
Medium Priority
?
222 Views
Last Modified: 2006-11-18
I have a form with a textArea control on, which I want to be able to put several SQL statments in.
eg
insert into myTable values('hello1','Test');
insert into myTable values('hello2','Test');
insert into myTable values('hello3','Test');
insert into myTable values('hello4','Test');

However when I use the statment on the reciving page
echo $_Post['txtSqlStatment'];

I get:-
insert into myTable values(\'hello1\',\'Test\'); insert into myTable values(\'hello2\',\'Test\'); insert into myTable values(\'hello3\',\'Test\'); insert into myTable values(\'hello4\',\'Test\');

which then doesnt work cause of all the stupid '\'

Any ideas why, and how to get around this?
0
Comment
Question by:tonelm54
2 Comments
 
LVL 49

Accepted Solution

by:
Roonaan earned 2000 total points
ID: 16820671
You can do:

echo stripslashes($_POST['txtSqlStatement']);

Or include this code in the top of your file:

<?php
/*
 * Common used snippet to cancel out magic quotes
 * http://php.net/manual/en/function.get-magic-quotes-gpc.php#52090
 *
 */

  function stripslashes_deep($value)
  {
      return (is_array($value)
              ? array_map('stripslashes_deep', $value)
              : stripslashes($value)
             );
  }

  if (get_magic_quotes_gpc()) {
      $_GET    = array_map('stripslashes_deep', $_GET);
      $_POST   = array_map('stripslashes_deep', $_POST);
      $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
  }
?>

-r-
0
 
LVL 11

Expert Comment

by:neester
ID: 16823662
You could also turn off magic_quotes.
Ask your server admin - magic_quotes cause more issues than they solve.
magic_quotes_runtime is ever worse!

See this site for more info:
http://www.zend.com/manual/security.magicquotes.disabling.php

PHP.INI
; Magic quotes
;

; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = Off

; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc.
magic_quotes_runtime = Off

; Use Sybase-style magic quotes (escape ' with '' instead of \').
magic_quotes_sybase = Off


.HTACCESS
php_flag magic_quotes_gpc Off


PHP
<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
?>
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses
Course of the Month15 days, 10 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question