HTML Hic-ups, PHP Problems

[on:]

PEEL has a vast number of web-affiliated people, each with in-depth knowledge of most languages that get used in websites. I know that a lot of people have problems that seem simple to others but they just don't know how to fix it and so i decided to make a thread for it.

Do you have a problem that someone else might be able to solve? Try posting it here!

I'll start. I'm trying to write myself a basic PHP script that lets me interface with MySQL. I have a form, textarea and my info to be submitted to MySQL. The only problem is every ' comes out as \' and thus confuses MySQL. How to i stop them coming out as \'? Can i just tell it to run a textfile outputted by a local MySQL dump using PHP?

[Reply #1 on:]

This isn't directly related to your problem, but if you want a PHP-based interface for MySQL, you should really consider using phpMyAdmin.

It has pretty much everything you'll ever need.

[Reply #2 on:]

My host (Alltoons) currently won't let me use phpMyAdmin, but i do use it on my PC when testing stuff. Thus i'm trying to create a simple way to input large[ish] amounts of data using PHP and a textarea.

[Reply #3 on:]

Okay, I was just making sure you weren't trying to reinvent the wheel. 

As for your problem, would you mind showing us your code?

[Reply #4 on:]

Code: [Select]

<?
include "style1.php";

$sql_info = $_POST[']sql_info'];
if ($sql_info != '') {
$conn=mysql_connect("HOST", "USERNAME", "PASSWORD" );
@mysql_select_db("alltoon_thefryhole", $conn);

$sql = "$sql_info";
$result = mysql_query($sql, $conn);

if ($result) { echo "Data added"; }
else { echo "Something went wrong<br>"; $result = die(mysql_error()); echo $result; }

} else {
echo "<b>MySQL Inputs:</b><br><br>";


echo "<table width=100% border=0><tr><td rowspan=4 width=20> </td><td width=10%><form action='mysql_forms.php' method='POST'>";
echo "<td><b>$style[2]Input:$style[1]</font>:</b></td><td><textarea cols='30' rows='5' name='sql_info'></textarea></td></tr>";
echo "<td colspan=3 align=center><br><input type='submit' value='Submit MySQL Command'></td></tr>";
echo "</form>";
echo "</table>";
}

include "style2.php";
?>

Just removed the username and password bits, hope it's obvious what i'm doing.

EDIT: I know it works because i can do stuff like drop tables, but it's the \' confusing MySQL.

[Reply #5 on:]

Try replacing

Code: [Select]

$sql = "$sql_info";
with

Code: [Select]

$sql = stripslashes($sql_info);

[Reply #6 on:]

hmm, could you give an example of which sql commands aren't working?

I tried your code and it works correctly for me with an command like this:

INSERT INTO `users` VALUES (1, 'test','test@test.com');

The problem you might have is that mysql makes a difference between ' and ´ (see above example...).
Also this line seems pretty useless:
$sql = "$sql_info";
(or did I miss something?)
 

[Reply #7 on:]

Ah stripslashes(), where have you been? Thanks Mercapto. Only problem is i can only do one line of script at a time, damn. Ah well, part way there.

EDIT: It probably is useless, i have a lot of code like that which i really should clean up. And i never tried using `, just '. Anyway, it works with stripslashes(). It's whenever a command has ' in it, because PHP doesn't like using 's.

[Reply #8 on:]

That's strange as it works for me when using 's...
Maybe a php.ini configuration thingy.

[Reply #9 on:]

Must be, it doesn't work for me with aslate's original script on PHP 4.3.4.

[Reply #10 on:]

Ahh, I just found the bastard:

; - magic_quotes_gpc = Off         [Performance]
;     Input data is no longer escaped with slashes so that it can be sent into
;     SQL databases without further manipulation.

[Reply #11 on:]

That's the problem! Too bad i can't change that.