php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #7630 ereg_replace or preg_replace
Submitted: 2000-11-03 17:57 UTC Modified: 2000-11-05 06:37 UTC
From: bmonro at ccbill dot com Assigned:
Status: Closed Package: Unknown/Other Function
PHP Version: 4.0.3pl1 OS: freeBSD
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bmonro at ccbill dot com
New email:
PHP Version: OS:

 

 [2000-11-03 17:57 UTC] bmonro at ccbill dot com
I have an HTML text input field generated by my php code:
	print "<input type=text name=varname>";

the script is accepting the input just fine.

I then need to pass the variable into a mysql database query.

This is where it barfs. 

it is putting backslashes before any single quotes i put in the text field.  So I tried using ereg_replace and preg_replace to replace the backslash with nothing (i.e. empty string).  but to no avail

here is what happens:

if I type this in the input box:

	login_id = 'username'

it sends this to the mysql query:
	login_id = \'username\'

ereg_replace and preg_replace are both getting messed up on the backslash. 

PLEASE HELP!

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2000-11-05 06:37 UTC] stas@php.net
1. Turn off magic_quotes in your php.ini
2. To enter backslash into regular expression, double it. Like this: "\\\\". Yes, I know this is ugly, that's how escaping works. 
3. Please do not use bug database to ask PHP questions. Use it if you are *sure* there's a bug. For PHP questions, there's php-general@lists.php.net.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Dec 05 07:01:30 2024 UTC