php - MySqli Real Escape Not Working


I've been using a script to upload articles to a website and have done a bit of maintenance, and when I add an article on the server it's adding slashes to the text. Here is the code I'm using:

    $con = mysqli_connect("localhost", "db_username", "db_password", "db_database");

    // PHP superglobals are case-sensitive: $_POST and $_FILES
    $title = ucwords($_POST['title']);
    $category = $_POST['category'];
    $article = $_POST['article'];
    $alt = $_POST['alt'];

    $title = mysqli_real_escape_string($con, $title);
    $article = mysqli_real_escape_string($con, $article);
    $alt = mysqli_real_escape_string($con, $alt);

    $insert_post_sql = "insert ".$site_id."_articles (id, category, photo, alt, title, article, added, views) values('$id', '$category', '.$extension', '$alt', '$title', '$article', '$added', '$views')";
    $insert_post_res = mysqli_query($con, $insert_post_sql);
    if (mysqli_affected_rows($con) > 0) {
        move_uploaded_file($_FILES["photo"]["tmp_name"], "$path" . $id . "." . $extension);
        header("Location: ../article.php?id=$id");
        exit();
    } else {
        echo "0";
    }

So the article text looks like this: here\'s article\'s text

Can anyone tell me why the escape isn't working here?

mysqli_real_escape_string() is possibly doing the "escaping" you require, but "is adding slashes to the text" is not what mysqli_real_escape_string() does. Don't expect it to modify your code, or add backslashes. It escapes chars when adding to the database.

Something other than mysqli_real_escape_string() is adding the slashes to the text.

mysqli_real_escape_string:

Escapes special characters in a string for use in an SQL statement, taking into account the current charset of the connection.

It's adding slashes to the text when I upload, here\'s what it\'s doing

If you have not manually coded your script to escape with a backslash, such as by using the function addslashes(), as @zerkms suggested, then you have magic quotes turned on, which "does" escape by adding a backslash automatically.

Determine if magic quotes is enabled

If you have magic quotes enabled, read this: Why not to use magic quotes

Edit

The suggestion to use stripslashes() may make the problem "go out of sight", but it does not fix the underlying problem, nor attempt to address the potential issue of using magic quotes; again, see why not to use magic quotes.

Just turn off magic quotes, fixing this issue, other security concerns, and the fact that it is deprecated and you shouldn't be using it in code, as it may not work on a newer server or after a server update.

If you have magic quotes enabled, you are wasting resources with magic quotes adding slashes and stripslashes() removing them.

This is not a fix, it's a "bodge".
If you're happy with it, no worries at all, but FYI, in my opinion this approach is not good practice at all.
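
The double escaping described in the answers, traced one layer at a time as an added example (not code from the original post). It assumes no database: sql_escape() and sql_unescape() are hypothetical stand-ins for mysqli_real_escape_string() and for the server's parsing of the quoted literal, and addslashes() stands in for what magic quotes does to request data.

```php
<?php
// Added illustration, no database needed. sql_escape() and sql_unescape() are
// hypothetical stand-ins for mysqli_real_escape_string() and for the server's
// parsing of a quoted string literal.

function sql_escape($s) {
    // Characters mysqli_real_escape_string() escapes: NUL, \n, \r, \, ', " and Ctrl-Z.
    return strtr($s, array(
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ));
}

function sql_unescape($s) {
    // Reverse mapping: the value the column holds after the literal is parsed.
    return strtr($s, array(
        "\\\\" => "\\", "\\'" => "'", '\\"' => '"',
        "\\0" => "\0", "\\n" => "\n", "\\r" => "\r", "\\Z" => "\x1a",
    ));
}

function stored_value($submitted, $magicQuotes) {
    // With magic_quotes_gpc on, PHP has already run the equivalent of
    // addslashes() over $_POST before the script sees it.
    $received = $magicQuotes ? addslashes($submitted) : $submitted;
    $literal  = sql_escape($received);  // goes between the quotes in the query
    return sql_unescape($literal);      // what is actually stored
}

$text = "here's article's text";        // constructed sample input
foreach (array(false, true) as $mq) {
    printf("magic quotes %-3s -> stored: %s\n", $mq ? 'on' : 'off', stored_value($text, $mq));
}

// The real setting: ini_get() returns false where the directive does not exist.
$setting = ini_get('magic_quotes_gpc');
printf("magic_quotes_gpc on this server: %s\n",
    $setting === false ? 'not available' : ($setting ? 'on' : 'off'));
```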

