Victor Kimura
asked on
escaped special characters PDO MySQL
Hi,
I'm wondering how I can avoid the display of the escaped characters like ' (quote), \ (backslash), etc when I'm using PHP PDO for MySQL.
Here is some of the code when I save and INSERT:
then when I SELECT:
I have magic quotes turned off.
Thank you,
Victor
I'm wondering how I can avoid the display of the escaped characters like ' (quote), \ (backslash), etc when I'm using PHP PDO for MySQL.
Here is some of the code when I save and INSERT:
$data = array($username, $encoded, $email, time(), '0', $promo);
$stmt = $this->oDB_ut_trust->prepare('INSERT INTO user
(username, md5_pw, email, timestamp, guided, promo)
VALUES (?,?,?,?,?,?)');
$stmt->execute($data);
then when I SELECT:
$stmt2 = $this->oDB_ut_trust->prepare('SELECT * FROM user
WHERE email = ?');
$data2 = array($email);
$stmt2->execute($data2);
$row2 = $stmt2->fetch(PDO::FETCH_ASSOC);
I have magic quotes turned off.
Thank you,
Victor
Try inserting var_dump($data) into the first script after line 4 and before the call to the execute() method. See what you get, and please post that back here in the code snippet.
ASKER
Here is some sample entered data:
Array
(
[0] => vkimura32
[1] => 7UNTsxuIM6D2kQlQmmkoq9ZDv0 vWSvG_JEVs JTiknd0
[2] => vkimura@ultratrust.com
[4] => 0
[5] => test's
)
Array
(
[0] => vkimura32
[1] => 7UNTsxuIM6D2kQlQmmkoq9ZDv0
[2] => vkimura@ultratrust.com
[4] => 0
[5] => test's
)
It looks like the [5] element has not been escaped. I would have expected test\'s instead.
ASKER
How can I fix this? Doesn't the prepare function do this with PDO? If not, then what am I missing?
Thanks
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay Slick812, thanks. So how do I resolve my problem?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Slick812,
I have this code INSERT:
And this code for the UPDATE:
Ray above suggested this:
Try inserting var_dump($data) into the first script after line 4 and before the call to the execute() method. See what you get, and please post that back here in the code snippet.
So I had this:
Here is some sample entered data for an INSERT:
Array
(
[0] => vkimura32
[1] => 7UNTsxuIM6D2kQlQmmkoq9ZDv0 vWSvG_JEVs JTiknd0
[2] => vkimura@ultratrust.com
[4] => 0
[5] => test's
)
Notice the field "promo" has
test's
with the single quote. When I look at my table user I see that this field ended up with an escape character so it looks like
test\'s
What is causing it and how can I prevent that escape character because when I display it with a SELECT statement the backslash is displaying on the page? Is it a settings somewhere in maybe php.ini?
Any help is appreciated. Thanks, Victor
I have this code INSERT:
$data = array($username, $encoded, $email, time(), '0', $promo);
$stmt = $this->oDB_ut_trust->prepare('INSERT INTO user
(username, md5_pw, email, timestamp, guided, promo)
VALUES (?,?,?,?,?,?)');
$stmt->execute($data);
And this code for the UPDATE:
$stmt2 = $this->oDB_ut_trust->prepare('SELECT * FROM user
WHERE email = ?');
$data2 = array($email);
$stmt2->execute($data2);
$row2 = $stmt2->fetch(PDO::FETCH_ASSOC);
Ray above suggested this:
Try inserting var_dump($data) into the first script after line 4 and before the call to the execute() method. See what you get, and please post that back here in the code snippet.
So I had this:
Here is some sample entered data for an INSERT:
Array
(
[0] => vkimura32
[1] => 7UNTsxuIM6D2kQlQmmkoq9ZDv0
[2] => vkimura@ultratrust.com
[4] => 0
[5] => test's
)
Notice the field "promo" has
test's
with the single quote. When I look at my table user I see that this field ended up with an escape character so it looks like
test\'s
What is causing it and how can I prevent that escape character because when I display it with a SELECT statement the backslash is displaying on the page? Is it a settings somewhere in maybe php.ini?
Any help is appreciated. Thanks, Victor
Is there any chance you have magic quotes enabled? You can find this in phpinfo();
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.