question on adding slashes to form fields


2bz2p
08-04-2008, 05:31 PM
Hi,

So I know you should add slashes to ' and whatnot, though how do you prevent the slashes from showing up in the DB? I have this (out of my head so bear with me)


$aircraft_name = addslashes(trim($_POST['aname']));

then whatever code


When it hits the db it still has the slashes in it, so like Bob's plane looks like bob/'s plane

Thanks
2b

davidj
08-04-2008, 06:02 PM
keep the slashes in the db and use

stripslashes($data);

when displaying

2bz2p
08-04-2008, 06:08 PM
okay so when I echo it it should look like

stripslashes($pilot['name']);

Thanks again
2b

davidj
08-04-2008, 06:11 PM
yes that's right

you could add it to the query function if you had one so it processes when the SQL is run and returned

2bz2p
08-04-2008, 06:29 PM
oh so it would be like my arrays


$pilot = array(
    'name' => stripslashes($results['name']),
);


or even


$query = code
stripslashes($results = mysql_query($query, $DB_CON) or die);


Thanks again
2b

davidj
08-04-2008, 06:43 PM
not sure if that will work

you could write a query function which handles all your queries

2bz2p
08-04-2008, 07:40 PM
I was thinking about making a function that I could use in this sense here


function query($query) {
    global $database_conn_abrv, $conn_abrv, $callsign;
    /* Let's query the DB for all of the logged-in pilot's info */
    mysql_select_db($database_conn_abrv, $conn_abrv);
    $pilot = mysql_query($query, $conn_abrv) or die(mysql_error());
    $row_pilot = mysql_fetch_assoc($pilot);
    $all_rows_pilot = mysql_num_rows($pilot);

    return $row_pilot;
}

$pilot = query("SELECT * FROM pilot WHERE callsign = '$callsign'");


Though the thing that is stopping me is a do while statement, because it seems like it wouldn't work, especially when I had the array in the function. Seemed like I needed that query to be written into the page.

see example


do {

    // code

} while ($row_fleet = mysql_fetch_assoc($fleet));


thanks
2b
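
Added example, not part of any post in this thread: a single query helper that sends values as bound parameters, so Bob's plane is stored without slashes and no stripslashes() is needed on display. It uses PDO with an in-memory SQLite database instead of the thread's mysql_* calls so that it runs offline; the table, column and helper names are hypothetical.

```php
<?php
// Added example, not code from the thread. The aircraft table, its columns
// and the helper name run_query() are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aircraft (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// One helper for every query: values travel as bound parameters, never as
// part of the SQL text, so no escaping function is needed on the way in.
function run_query(PDO $db, string $sql, array $params = []): PDOStatement
{
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt;
}

// Constructed sample input standing in for $_POST['aname'].
$posted = "  Bob's plane ";

// Escaped value bound as data: the backslash itself is stored. This is the
// "slashes in the DB" symptom: the value was escaped once more than the
// database layer undoes.
run_query($db, 'INSERT INTO aircraft (name) VALUES (?)', [addslashes(trim($posted))]);

// Raw value bound as data: stored exactly as typed, apostrophe included.
run_query($db, 'INSERT INTO aircraft (name) VALUES (?)', [trim($posted)]);

// Lookups bind their values the same way, so the apostrophe cannot end the
// string literal in the SQL.
$match = run_query($db, 'SELECT id FROM aircraft WHERE name = ?', ["Bob's plane"])
    ->fetchAll(PDO::FETCH_ASSOC);
echo 'rows matching the unescaped name: ', count($match), "\n";

// The helper returns the statement, so the page can fetch every row and
// loop with foreach instead of keeping the query inline for a do/while.
$rows = run_query($db, 'SELECT id, name FROM aircraft ORDER BY id')
    ->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    // Escape for the output context (HTML here) at display time.
    echo $row['id'], ': ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
}
```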