Alright, so my code to update my database tables is varying flavours of the following:

$query = "
  insert into Comment 
    (Comment, CommentDate, Rating, UserRid) 
  values 
    (:comment, now(), 0, :userrid )" ;

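try {           
  $db_conn = new PDO('mysql:host='.$db_server.';dbname='.$db_name, $db_username, $db_password );
  // Make prepare()/execute() failures throw PDOException so the catch block runs
  $db_conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  $db_conn->beginTransaction();
  $prep = $db_conn->prepare($query);
  // Values are bound as parameters, so no manual escaping is needed
  $prep->bindParam(':comment', $comment, PDO::PARAM_STR, 500);
  $prep->bindParam(':userrid', $userrid, PDO::PARAM_INT, 20);
  $prep->execute();

  $db_conn->commit();
} catch (PDOException $e)  {
  // Method calls use ->, not the string concatenation operator .
  $db_conn->rollBack();
  echo "Error!: " . $e->getMessage() . "<br/>";
  die();
}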

In the above, comment comes in via Post from another page. Userrid is being set properly via a function call. Everything works properly, except the slashes get added to the table.

Everything I've read says that in order to get around having slashes whenever someone types in an apostrophe that I should be using parameterized queries. If I'm not mistaken, I'm pretty sure that's what I'm doing. Am I missing something? Can anybody let me know what I'm not doing right?

Thanks in advance, Michael

A: 

It prevents you from having to add them, but things like magic_quotes_gpc will put them in regardless of whether or not they're needed.

Ignacio Vazquez-Abrams
Alright, how do I get rid of them? As near as I can tell, I'm not using anything in my code that says magic_quotes.
Michael Beck
+1  A: 

Probably you've magic_quotes_gpc() turned on; you need to do something like this:

if (get_magic_quotes_gpc() == true)
{
    $comment = stripslashes($comment);
    $userrid = stripslashes($userrid);
}

If you're using PHP 5.3+ you can get rid of all magic quoted variables by placing the following lines of code on the top of your file:

if (get_magic_quotes_gpc() === 1)
{
    $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);
    $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);
    $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);
    $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);
}

If you're running a lower version of PHP you should take a look at this page.

Alix Axel
Thanks for the suggestion, but after adding that in, I get...Fatal error: Call to undefined function magic_quotes_gpc() in <insert file path here> on line <blah blah>
Michael Beck
Hey, the link you sent along seemed to get me sorted out. Thank you very much for your help.
Michael Beck
@Michael Beck: I'm sorry, I had a typo. It's fixed now.
Alix Axel
No worries. That link you sent was extremely helpful. ;-) Thanks again.
Michael Beck
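
The behaviour discussed in this thread, as an added example that is not part of the original posts: a bound parameter is stored exactly as received, so the slashes have to be removed from the request data before binding. The helper names `undo_magic_quotes` and `magic_quotes_active` are hypothetical, the sample input is constructed, and an in-memory SQLite database (pdo_sqlite) is assumed in place of the MySQL server.

```php
<?php
// Added example, not code from the original posts. Helper names are hypothetical.

/** Recursively remove the backslashes magic_quotes_gpc added to request data. */
function undo_magic_quotes($value)
{
    if (is_array($value)) {
        return array_map('undo_magic_quotes', $value);
    }
    return is_string($value) ? stripslashes($value) : $value;
}

/** Magic quotes were removed in PHP 5.4, so only ask older runtimes. */
function magic_quotes_active()
{
    return PHP_VERSION_ID < 50400 && get_magic_quotes_gpc();
}

// Real request handling: clean the superglobal once, before anything reads it.
if (magic_quotes_active()) {
    $_POST = undo_magic_quotes($_POST);
}

// Constructed sample: a POST body as it looks after magic_quotes_gpc has run.
$quoted = array('comment' => 'It\\\'s Michael\\\'s \\"first\\" comment');

// Assumption: in-memory SQLite (pdo_sqlite) stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table Comment (Label text, Comment text, UserRid integer)');

$insert = $db->prepare(
    'insert into Comment (Label, Comment, UserRid) values (:label, :comment, :userrid)'
);
$inputs = array('as received' => $quoted, 'cleaned' => undo_magic_quotes($quoted));
foreach ($inputs as $label => $input) {
    // The bound value is stored byte for byte; PDO neither adds nor strips slashes.
    $insert->bindValue(':label', $label, PDO::PARAM_STR);
    $insert->bindValue(':comment', $input['comment'], PDO::PARAM_STR);
    $insert->bindValue(':userrid', 42, PDO::PARAM_INT); // constructed user id
    $insert->execute();
}

foreach ($db->query('select Label, Comment from Comment') as $row) {
    echo $row['Label'], ': ', $row['Comment'], PHP_EOL;
}
```

Only the "cleaned" row comes back without backslashes, which places the problem in the request layer rather than in the parameterized query.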