Guest | [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:55 PM
Ave,
I'm inserting values out of an array into mySQL. There's other values
besides the array values that are being inserted as well. This is my simple
INSERT code:
$sql = "INSERT INTO db
(Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
VALUES ('$dt','$tm','$thephone','".implode("','", array_values($var))."')";
$var can contain values that have special characters that I need to escape.
I'd like to use mysql_escape_string() but I'm not sure how to integrate
mysql_escape_string here with the INSERT statement. I tried it, but it's not
working. Any clues?
Thanks.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rahul Sitaram Johari
CEO, Twenty Four Seventy Nine Inc.
W: http://www.rahulsjohari.com
E: EMAIL REMOVED
"I morti non sono piu soli ... The dead are no longer lonely"

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:55 PM
On Friday, 2007. 05. 25, at 11.32, Rahul Sitaram Johari wrote:
> Ave,
>
> I'm inserting values out of an array into mySQL. There's other values
> besides the array values that are being inserted as well. This is my simple
> INSERT code:
>
> $sql = "INSERT INTO db
> (Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
> VALUES ('$dt','$tm','$thephone','".implode("','", array_values($var))."')";
>
> $var can contain values that have special characters that I need to escape.
> I'd like to use mysql_escape_string() but I'm not sure how to integrate
> mysql_escape_string here with the INSERT statement. I tried it, but it's not
> working. Any clues?
you should do the escaping before assembling the INSERT statement
a useful tool for this is array_map(): http://hu.php.net/array_map
then you can use the above method for creating the query string
greets
Zoltán Németh
>
> Thanks.
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Rahul Sitaram Johari
> CEO, Twenty Four Seventy Nine Inc.
>
> W: http://www.rahulsjohari.com
> E: EMAIL REMOVED
>
> "I morti non sono piu soli ... The dead are no longer lonely"

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:55 PM
Ok, I'm not able to use array_map() at all to my benefit, or at least I
can't figure out how to.
I'm trying to generate the string with escape slashes before I put it in the
INSERT statement, but it's not working primarily because values have to be
enclosed in Single Quotes while inserting into mySQL and Single Quote itself
is escaped when using mysql_escape_string!!!
On 5/25/07 11:41 AM, "Zoltán Németh" <EMAIL REMOVED> wrote:
>> Ave,
>>
>> I'm inserting values out of an array into mySQL. There's other values
>> besides the array values that are being inserted as well. This is my simple
>> INSERT code:
>>
>> $sql = "INSERT INTO db
>> (Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
>> VALUES ('$dt','$tm','$thephone','".implode("','", array_values($var))."')";
>>
>> $var can contain values that have special characters that I need to escape.
>> I'd like to use mysql_escape_string() but I'm not sure how to integrate
>> mysql_escape_string here with the INSERT statement. I tried it, but it's not
>> working. Any clues?
>
> you should do the escaping before assembling the INSERT statement
> a useful tool for this is array_map():
> http://hu.php.net/array_map
>
> then you can use the above method for creating the query string
>

Guest | Re: [PHP] using mysql_escape_string with implode() - SOLVED!
06-02-2007, 08:55 PM
Ave,
Alright, here's how I solved it. Used the array_walk function. This is my code:
function test_alter(&$item1) {
    $item1 = mysql_escape_string($item1);
}
array_walk($var, 'test_alter');
$var = implode("','", $var);
$sql = "INSERT INTO nimo_account
(Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
VALUES ('$dt','$tm','$thephone','".$var."')";
$result = mysql_query($sql) or die("Critical Error: ".mysql_error());
And it Works!
All special characters are escaped within the Array's Values itself, and
then I just implode them with ',' and add them to the mySQL Database!!
On 5/25/07 11:32 AM, "Rahul Sitaram Johari" <EMAIL REMOVED>
wrote:
>
> Ave,
>
> I'm inserting values out of an array into mySQL. There's other values besides
> the array values that are being inserted as well. This is my simple INSERT
> code:
>
> $sql = "INSERT INTO db
> (Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
> VALUES ('$dt','$tm','$thephone','".implode("','", array_values($var))."')";
>
> $var can contain values that have special characters that I need to escape.
> I'd like to use mysql_escape_string() but I'm not sure how to integrate
> mysql_escape_string here with the INSERT statement. I tried it, but it's not
> working. Any clues?
>
> Thanks.

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
You want to use mysql_escape_string, and NOT addslashes and NOT Magic
Quotes.
On Fri, May 25, 2007 12:34 pm, Rahul Sitaram Johari wrote:
>
> Ok, I'm not able to use array_map() at all to my benefit, or at least
> I
> can't figure out how to.
>
> I'm trying to generate the string with escape slashes before I put it
> in the
> INSERT statement, but it's not working primarily because values have
> to be
> enclosed in Single Quotes while inserting into mySQL and Single Quote
> itself
> is escaped when using mysql_escape_string!!!
>
> On 5/25/07 11:41 AM, "Zoltán Németh" <EMAIL REMOVED> wrote:
>
>>> Ave,
>>>
>>> I'm inserting values out of an array into mySQL. There's other
>>> values
>>> besides the array values that are being inserted as well. This is
>>> my simple
>>> INSERT code:
>>>
>>> $sql = "INSERT INTO db
>>> (Date,Time,Phone,Account,AccountType,RateClass,VoltLevel,IsoZone,TaxDist,LoadProfile,ServiceName,ServiceAddress,ServiceCity,ServiceState,ServiceZip,Demand,Kwh,Cost)
>>> VALUES ('$dt','$tm','$thephone','".implode("','", array_values($var))."')";
>>>
>>> $var can contain values that have special characters that I need to
>>> escape.
>>> I'd like to use mysql_escape_string() but I'm not sure how to
>>> integrate
>>> mysql_escape_string here with the INSERT statement. I tried it, but
>>> it's not
>>> working. Any clues?
>>
>> you should do the escaping before assembling the INSERT statement
>> a useful tool for this is array_map():
>> http://hu.php.net/array_map
>>
>> then you can use the above method for creating the query string
>>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
On Fri, May 25, 2007 10:32 am, Rahul Sitaram Johari wrote:
>
> Ave,
>
> I'm inserting values out of an array into mySQL. There's other values
> besides the array values that are being inserted as well. This is my
> simple
> INSERT code:
$var = array_map('mysql_real_escape_string', $var);
This assumes that you have exactly ONE MySQL connection open, or at
least that you have one open, and want to use that same connection
here.

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
On 5/30/07, Richard Lynch <EMAIL REMOVED> wrote:
> You want to use mysql_escape_string, and NOT addslashes and NOT Magic
> Quotes.
function slashes( $var )
{
    if( is_array( $var ) )
    {
        return array_map( 'slashes', $var );
    }
    else
    {
        return mysql_real_escape_string( $var );
    }
}
set_magic_quotes_runtime( 0 );
if( get_magic_quotes_gpc() == 0 )
{
    $_GET = isset( $_GET )
        ? array_map( 'slashes', $_GET )
        : array();
    $_POST = isset( $_POST )
        ? array_map( 'slashes', $_POST )
        : array();
    $_COOKIE = isset( $_COOKIE )
        ? array_map( 'slashes', $_COOKIE )
        : array();
}
--
Greg Donald http://destiney.com/

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
Greg Donald wrote:
> On 5/30/07, Richard Lynch <EMAIL REMOVED> wrote:
>> You want to use mysql_escape_string, and NOT addslashes and NOT Magic
>> Quotes.
>
> function slashes( $var )
> {
>     if( is_array( $var ) )
>     {
>         return array_map( 'slashes', $var );
>     }
>     else
>     {
>         return mysql_real_escape_string( $var );
>     }
> }
Say I wanted to use this on something other than $_GET, $_POST, & $_COOKIE?
Would it not be better practice to do this the other way around?
function slashes ( $var ) {
    if ( is_scalar($var) ) {
        return mysql_real_escape_string( $var );
    } else {
        return array_map( 'slashes', $var );
    }
}
This way, even if someone passes something that is not an array, but
still not processable by mysql_real_escape_string(), it won't foul up
the processor.
>
> set_magic_quotes_runtime( 0 );
>
> if( get_magic_quotes_gpc() == 0 )
> {
>     $_GET = isset( $_GET )
>         ? array_map( 'slashes', $_GET )
>         : array();
>
>     $_POST = isset( $_POST )
>         ? array_map( 'slashes', $_POST )
>         : array();
>
>     $_COOKIE = isset( $_COOKIE )
>         ? array_map( 'slashes', $_COOKIE )
>         : array();
> }
>

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
On 5/30/07, Jim Lucas <EMAIL REMOVED> wrote:
> Say I wanted to use this on something other than $_GET, $_POST, & $_COOKIE?
Then I suppose you'll have to compensate with updates to support your
particular usage.
--
Greg Donald http://destiney.com/

Guest | Re: [PHP] using mysql_escape_string with implode() !!
06-02-2007, 08:56 PM
On Wed, May 30, 2007 9:55 pm, Jim Lucas wrote:
> Greg Donald wrote:
>> On 5/30/07, Richard Lynch <EMAIL REMOVED> wrote:
>>> You want to use mysql_escape_string, and NOT addslashes and NOT
>>> Magic
>>> Quotes.
>>
>> function slashes( $var )
>> {
>>     if( is_array( $var ) )
>>     {
>>         return array_map( 'slashes', $var );
>>     }
>>     else
>>     {
>>         return mysql_real_escape_string( $var );
>>     }
>> }
>
> Say I wanted to use this on something other than $_GET, $_POST, &
> $_COOKIE?
>
> Would it not be better practice to do this the other way around?
>
> function slashes ( $var ) {
>     if ( is_scalar($var) ) {
>         return mysql_real_escape_string( $var );
>     } else {
>         return array_map( 'slashes', $var );
>     }
> }
>
> This way, even if someone passes something that is not an array, but
> still not processable by mysql_real_escape_string(), it won't foul up
> the processor.
>
>>
>> set_magic_quotes_runtime( 0 );
>>
>> if( get_magic_quotes_gpc() == 0 )
>> {
>>     $_GET = isset( $_GET )
>>         ? array_map( 'slashes', $_GET )
>>         : array();
>>
>>     $_POST = isset( $_POST )
>>         ? array_map( 'slashes', $_POST )
>>         : array();
>>
>>     $_COOKIE = isset( $_COOKIE )
>>         ? array_map( 'slashes', $_COOKIE )
>>         : array();
>> }
Well, if it's not a scalar, and it's not an array, and you call
array_map on it, things could get very ugly very fast...
I'm not sure what other datatypes you might try to pass in, that PHP
won't type-juggle to a string when it goes to
mysql_real_escape_string...
Exactly what "other" data are you planning on calling 'slashes' on?
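
The array-to-INSERT task from this thread done with bound parameters instead of string escaping, as an added example that is not part of the original thread (the mysql_* functions used in the posts were removed in PHP 7.0). It assumes PDO with an in-memory SQLite database and a shortened, hypothetical column list so it runs offline; with MySQL only the DSN changes.

```php
<?php
// Added example, not code from the thread. Uses PDO; the in-memory SQLite
// DSN and the shortened column list are assumptions so it runs offline.
const COLUMNS = ['Date', 'Time', 'Phone', 'Account', 'ServiceName'];

function insert_account(PDO $db, array $fixed, array $var): int
{
    // Values travel separately from the SQL text, so no quoting or
    // escaping of $var is needed before the statement is built.
    $values = array_merge(array_values($fixed), array_values($var));
    if (count($values) !== count(COLUMNS)) {
        throw new InvalidArgumentException('column/value count mismatch');
    }
    // implode() now joins placeholders, never data.
    $marks = implode(',', array_fill(0, count($values), '?'));
    $sql = 'INSERT INTO nimo_account (' . implode(',', COLUMNS) . ") VALUES ($marks)";
    $stmt = $db->prepare($sql);
    $stmt->execute($values);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE nimo_account
    (Date TEXT, Time TEXT, Phone TEXT, Account TEXT, ServiceName TEXT)');

// Constructed sample values containing quotes and a backslash.
$var = ['12345', "O'Brien's \"Diner\" \\ Grill"];
insert_account($db, ['2007-05-25', '11:32', '555-0100'], $var);

$stored = $db->query('SELECT ServiceName FROM nimo_account')->fetchColumn();
echo $stored === $var[1] ? "stored verbatim\n" : "value was altered\n";
```

Column and table names cannot be bound as parameters, which is why they come from a fixed list in the code and not from request data.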