开发者

stip slashes from database return with while loop

开发者 https://www.devze.com 2023-02-28 10:07 出处:网络
Can I loop through DB results and remove Slashes? (I started getting more slashes everytime I edited the text and put it back into the DB)

Can I loop through DB results and remove Slashes?

(I started getting more slashes everytime I edited the text and put it back into the DB)

$db = new connection();

$query = "SELECT * FROM ITEMS, ALPACA_SALES WHERE ITEMS.uid = '$id' AND ALPACA_SALES.uid = ITEMS.uid";
$results = $db->开发者_StackOverflow中文版;query($query);

$data = array();    
while($info = mysql_fetch_array($results))
{
    $data[] = stripslashes($info);
}

But I am getting the following error:

Notice: Array to string conversion in /home/content/myfile.php  on line 78

When I add the data to the database I do the following:

if (!empty($_POST['more_text']))
{
    $more_text = addslashes($_POST['more_text']); 
}
else
{
    $error = false;
    $error_message = "Please add a description.";
}

And then I use UPDATE for the insert into the DB:

$query2 = "UPDATE ALPACA_SALES SET more_text = '$more_text' WHERE uid = '$id'"; 

$result = $db->query($query2);


You can't run stripslashes() on an array, which is what $info is from storing mysql_fetch_array($results). You could iterate through $info and strip slashes on each entry, or explicitly strip slashes if you don't need to do all of them.

$i=0;
while($infoarray = mysql_fetch_assoc($results))
    {
        foreach($infoarray as $field=>$value){
            $data[$i][$field] = stripslashes($value);
        }
        $i++;
    }

Edit: You can also create a small function to strip slashes in an array, as outlined in the documentation here: http://us.php.net/manual/en/function.stripslashes.php

function stripslashes_deep($value)
{
    $value = is_array($value) ?
                array_map('stripslashes_deep', $value) :
                stripslashes($value);

    return $value;
}

// Example
$array = array("f\\'oo", "b\\'ar", array("fo\\'o", "b\\'ar"));
$array = stripslashes_deep($array);


Do not do that. stripslashes() is not enough to make a string safe to use in an SQL statement. Your code is vulnerable to SQL injection. Use prepared statements and bound parameters instead.

0

精彩评论

暂无评论...
验证码 换一张
取 消