Date: 01/03/00
- Next message: Sascha Schumann: "Re: [PHP-DEV] includeing c (BLADE)"
- Previous message: Andrei Zmievski: "Re: [PHP-DEV] includeing c (BLADE)"
- Next in thread: Phil Driscoll: "Re: [PHP-DEV] Bug #3088: addslashes doesn't work properly"
- Maybe reply: Phil Driscoll: "Re: [PHP-DEV] Bug #3088: addslashes doesn't work properly"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
From: guus <email protected>
Operating system: Win NT 4
PHP version: 3.0.11
PHP Bug Type: MSSQL related
Bug description: addslashes doesn't work properly
I am using a script for a discussion group (Phorum). I translated this script for use with MS SQL server. Everything works fine, except that when you use a single quote, you get an error message like:
Warning: MS SQL message: Line 1: Incorrect syntax near 'mdsjbf'. (severity 15) in D:\www.bestemming2005.mad\KPNrvbProgram\ui\forum\post.php3 on line 54
Warning: MS SQL message: Unclosed quote before the character string ', 1)'. (severity 15) in D:\www.bestemming2005.mad\KPNrvbProgram\ui\forum\post.php3 on line 54
Warning: MS SQL: Query failed in D:\www.bestemming2005.mad\KPNrvbProgram\ui\forum\post.php3 on line 54
- insert Into Algemeen (id, name, email, datestamp, topic, body, host, thread) values (7, 'Guus', 'guus <email protected>', '2000-01-03 15:42:53', 'RE: Test 4', 'dsfsdfs\'mdsjbf', ' ', 1)
The problem is obvious in the last line 'dsfsdfs\'mdsjbf', where \' is still seen as a '. When the script is run on Linux / MySQL the problem doesn't exist.
if($MagicQuotes!=1){
    $name = addslashes($name);
    $email = addslashes($email);
    $topic = addslashes($topic);
    $body = addslashes($body);
}
$date = date("Y-m-d H:i:s");
$host = getenv('REMOTE_HOST');
/* $host = <email protected>($host); */
$host = " ";
$name = htmlspecialchars($name);
$email = htmlspecialchars($email);
$topic = htmlspecialchars($topic);
$body = htmlspecialchars($body);
if($UseCookies==1){
    if((!IsSet($$cNameVar)) || ($$cNameVar != $name)) {
        SetCookie("$cNameVar",$name,time()+ 31536000);
    }
    if((!IsSet($$cEmailVar)) || ($$cEmailVar != $email)) {
        SetCookie("$cEmailVar",$email,time()+ 31536000);
    }
}
/* increment the id counter */
$idresult = mssql_query("select max(id) as maxid from $sTable");
$id = mssql_result($idresult,0,'maxid');
$id++;
$sSQL = "insert Into $sTable (id, name, email, datestamp, topic, body, host, thread) values ($id, '$name', '$email', '$date', '$topic', '$body', '$host', $thread)";
Because the dos-and-donts file could not be found on your server, I hope I provided you with all the right information. If not, please feel free to ask for all the info you need.
Kind regards and a happy new year!
Guus Sprokkereef
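Why the query in the report breaks, as an added example that is not part of the original message: SQL Server escapes a single quote inside a string literal by doubling it, and a backslash does not escape a quote. The helper names `scan_tsql_literal` and `tsql_quote` are hypothetical, the scanner is a simplified model of T-SQL literal parsing, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example (not from the original post): model how a T-SQL string
// literal is terminated, then compare addslashes() with quote doubling.

/**
 * Scan the literal that opens at $start.
 * Returns [decoded value, text left over after the closing quote],
 * or null when the literal is never closed.
 */
function scan_tsql_literal(string $sql, int $start = 0): ?array
{
    if (($sql[$start] ?? '') !== "'") {
        throw new InvalidArgumentException('literal must start with a quote');
    }
    $value = '';
    $n = strlen($sql);
    for ($i = $start + 1; $i < $n; $i++) {
        if ($sql[$i] === "'") {
            // A doubled quote is one literal quote; a lone quote ends the string.
            if ($i + 1 < $n && $sql[$i + 1] === "'") {
                $value .= "'";
                $i++;
                continue;
            }
            return [$value, substr($sql, $i + 1)];
        }
        $value .= $sql[$i]; // a backslash lands here like any other character
    }
    return null;
}

/** Quote a value for a T-SQL string literal by doubling single quotes. */
function tsql_quote(string $s): string
{
    return "'" . str_replace("'", "''", $s) . "'";
}

$body = "dsfsdfs'mdsjbf";   // the body value from the report
$tail = ", ' ', 1)";        // remainder of the VALUES list from the report

// Backslash escaping: the literal closes early, the rest is parsed as SQL.
[$value, $rest] = scan_tsql_literal("'" . addslashes($body) . "'" . $tail);
printf("addslashes: value=[%s] parsed-as-SQL=[%s]\n", $value, $rest);

// Quote doubling: the whole body stays inside the literal.
[$value, $rest] = scan_tsql_literal(tsql_quote($body) . $tail);
printf("doubling:   value=[%s] parsed-as-SQL=[%s]\n", $value, $rest);
```

The text left over in the first case begins with `mdsjbf` and ends in an unclosed `', 1)`, which lines up with the two MS SQL warnings quoted in the report. In current PHP, a parameterized query through PDO prepared statements avoids the escaping question entirely.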

