This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 8 years ago.
I have a string which is a path and is a variable in which I have to save in my database. But the path is
C:\foldera\folderb\folder1\folder2
and obviously I need it to be
C:\\foldera\\folderb\\folder1\\folder2
for the insertion in database of mysql.
Please help me find the solution. I tried str_replace but it won't work.
Thanks in advance.
The function you are looking for is addslashes($string); This function adds the slashes to turn your string into the string you are looking for. But if you are planning on using it as a parameter in an SQL statement you want to use mysqli_real_escape_string().
Also use single quotes in the string in order for addslashes() to work properly. Double quotes will parse it as \f not just '\'.
This question already has answers here:
Why is "&reg" being rendered as "®" without the bounding semicolon
(8 answers)
Should an ampersand be URL encoded in a query string?
(2 answers)
Closed 2 years ago.
I have an issue with an unwanted replacement, and am not able to figure out how to fix it.
When you echo the following string in PHP
echo('?hash=123&rid=111&timestamp=123');
The output is:
?hash=123&rid=111×tamp=123
Note that &timestamp has been replaced with ×tamp
I tried to escape it by using \&timestamp but that doesn't work.
How can I prevent PHP replacing this?
You can reproduce this error online using http://phptester.net/
You have to escape that string, because & is a special symbol in HTML.
echo htmlspecialchars('?hash=123&rid=111&timestamp=123');
More information on the PHP site: https://www.php.net/manual/en/function.htmlspecialchars.php
This question already has answers here:
How to use str_replace to replace single and double quotes
(7 answers)
Closed 4 years ago.
I'm having trouble replacing a single quote in a string; the purpose is to create part of a URL.
For example: if I type in "Villeneuve d'ascq" I would want to have:
"Villeneuve+d%27ascq", %27 being the ASCII equivalent of (')
I tried using str_replace("'", ord("'"), string_name) but it doesn't seem to work.
Any help would be appreciated, and feel free to ask for any more details.
Please try this :
echo 'test';
You can also check this at :
PHP MANUAL
This question already has answers here:
Escaping quotation marks in PHP
(7 answers)
How can I prevent SQL injection in PHP?
(27 answers)
Closed 5 years ago.
I have a php variable referring to a string that contains apostrophes, but when I quote this variable, it thinks I am trying to end the string. My variable is reading from an array of table data, so I can not go in and put a "\" before every apostrophe in the table. If $foo contains the string "don't", how do I correctly say '$foo' without it trying to end the string. Thanks.
You are correct in thinking that you need to add escape characters ("\") before the apostrophes.
To do this on the fly with the database data you can use the php function addslashes.
so:
$escapedString = addslashes($string);
You could also do this with the string replace function for higher precision:
$escapedString = str_replace("'", "\'", $string);
You can use PHP's addslashes PHP Manual - Add slashes
$foo = addslashes($foo);
This question already has answers here:
json_encode() escaping forward slashes
(4 answers)
Closed 7 years ago.
When I insert a URL like this
alliedpaint-001-site1.smarterasp.net/white.png
in MySQL and encode it using JSON, my URL shows like this
alliedpaint-001-site1.smarterasp.net\/white.png
How can I solve this?
json_encode returns the string; it inserts "\" in order to avoid special interpretation.
You can do 2 things:
1) json_encode($mystring, JSON_UNESCAPED_SLASHES);
or
2) replace "\" with space using regex.
Hope this helps.
This question already has answers here:
How do I escape special characters in MySQL?
(8 answers)
Closed 8 years ago.
I was wondering how I can include everything written in my textbox to be inserted in a MySQL database.
For example:
textbox = "{\buildrel{\lim}"
But what happens is the \ (backslash) removes 'b' and 'l', and the data inserted into my database will be
{uildrelim} or somewhat like this; it might end up removing the { } as well.
So are there any techniques or methods you can advise, so that everything I put in my textbox will be inserted into my database as it is?
I found this solution:
I just need to use the str_replace() method to replace single \ with double \\
// Inside single quotes, '\\' is one literal backslash and '\\\\' is two.
$textbox = str_replace('\\', '\\\\', $textbox);
where {\buildrel{\lim} will be {\\\buildrel{\\\lim}
No, you don't use str_replace(); you have addslashes() and stripslashes(), those two are the two functions you are looking for.
Changing a string with str_replace functions isn't a smart thing to do. Those functions aren't created with this in mind, the add/stripslashes are. You might forget a character which you needed to str_replace with a slash.
Also, that whole battery of slashes and escaping slashes doesn't make your code very readable :P
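The Windows path question, the "don't" question and the textbox question on this page all ask how to get a string containing backslashes or apostrophes into the database unchanged. As an added example (not code from any of the posts), the script below stores those three strings with PDO bound parameters instead of addslashes() or str_replace(). It assumes an in-memory SQLite database in place of MySQL so that it runs offline, and the table name notes and column name body are made up for the illustration.

```php
<?php
// Added example: bound parameters instead of addslashes()/str_replace().
// Assumption: in-memory SQLite (pdo_sqlite) stands in for MySQL so the script
// runs offline; with MySQL only the DSN changes, e.g.
// 'mysql:host=...;dbname=...;charset=utf8mb4'.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also turn off emulated prepares so the values are
// sent to the server separately from the SQL text:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Hypothetical table used only for this example.
$pdo->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// Strings taken from the questions on this page. The ones with backslashes
// are single-quoted PHP literals, so sequences such as \f are not
// interpreted by PHP itself before the value ever reaches the database.
$samples = [
    'C:\foldera\folderb\folder1\folder2',
    "don't",
    '{\buildrel{\lim}',
];

$insert = $pdo->prepare('INSERT INTO notes (body) VALUES (:body)');
$select = $pdo->prepare('SELECT body FROM notes WHERE id = :id');

foreach ($samples as $original) {
    // The value travels as data, never as part of the SQL text, so no
    // backslash or quote needs doubling and nothing can end the string early.
    $insert->execute([':body' => $original]);
    $id = (int) $pdo->lastInsertId();

    // Read the row back and compare byte for byte with what was submitted.
    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();

    printf("%-40s %s\n", $stored, $stored === $original ? 'unchanged' : 'ALTERED');
}
```

Each of the three lines printed ends in "unchanged": the stored value is identical to the input, with no slashes added on the way in and none to strip on the way out.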