Can I loop through DB results and remove Slashes?
(I started getting more slashes everytime I edited the text and put it back into the DB)
$db = new connection();
$query = "SELECT * FROM ITEMS, ALPACA_SALES WHERE ITEMS.uid = '$id' AND ALPACA_SALES.uid = ITEMS.uid";
$results = $db->开发者_StackOverflow中文版;query($query);
$data = array();
while($info = mysql_fetch_array($results))
{
$data[] = stripslashes($info);
}
But I am getting the following error:
Notice: Array to string conversion in /home/content/myfile.php on line 78
When I add the data to the database I do the following:
if (!empty($_POST['more_text']))
{
$more_text = addslashes($_POST['more_text']);
}
else
{
$error = false;
$error_message = "Please add a description.";
}
And then I use UPDATE for the insert into the DB:
$query2 = "UPDATE ALPACA_SALES SET more_text = '$more_text' WHERE uid = '$id'";
$result = $db->query($query2);
You can't run stripslashes() on an array, which is what $info is from storing mysql_fetch_array($results). You could iterate through $info and strip slashes on each entry, or explicitly strip slashes if you don't need to do all of them.
$i=0;
while($infoarray = mysql_fetch_assoc($results))
{
foreach($infoarray as $field=>$value){
$data[$i][$field] = stripslashes($value);
}
$i++;
}
Edit: You can also create a small function to strip slashes in an array, as outlined in the documentation here: http://us.php.net/manual/en/function.stripslashes.php
function stripslashes_deep($value)
{
$value = is_array($value) ?
array_map('stripslashes_deep', $value) :
stripslashes($value);
return $value;
}
// Example
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);
Do not do that. stripslashes() is not enough to make a string safe to use in an SQL statement. Your code is vulnerable to SQL injection. Use prepared statements and bound parameters instead.
精彩评论