php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7630 ereg_replace or preg_replace
Submitted: 2000-11-03 17:57 UTC Modified: 2000-11-05 06:37 UTC
From: bmonro at ccbill dot com Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0.3pl1 OS: freeBSD
Private report: No CVE-ID: None
 [2000-11-03 17:57 UTC] bmonro at ccbill dot com
I have an HTML text input field generated by my php code:
	print "<input type=text name=varname>";

the script is accepting the input just fine.

I then need to pass the variable into a mysql database query.

This is where it barfs. 

it is putting backslashes before any single quotes i put in the text field.  So I tried using ereg_replace and preg_replace to replace the backslash with nothing (i.e. empty string).  but to no avail

here is what happens:

if I type this in the input box:

	login_id = 'username'

it sends this to the mysql query:
	login_id = \'username\'

ereg_replace and preg_replace are both getting messed up on the backslash. 

PLEASE HELP!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-05 06:37 UTC] stas@php.net
1. Turn off magic_quotes in your php.ini
2. To enter backslash into regular expression, double it. Like this: "\\\\". Yes, I know this is ugly, that's how escaping works. 
3. Please do not use bug database to ask PHP questions. Use it if you are *sure* there's a bug. For PHP questions, there's php-general@lists.php.net.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Oct 06 13:01:27 2024 UTC