FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » str_replace ?
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
str_replace ? [message #183349] Mon, 21 October 2013 00:48 Go to next message
Mr Oldies is currently offline  Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
Senior Member
In my database I am noting that none of the song names containing a single
quote are being written.
If I use str_replace, how exactly should I write it?

The php manual is not all that clear.
http://php.net/manual/en/function.str-replace.php

e.g.

Name of song is "I'm Sorry".

$song=str_replace($song,"'%");
Re: str_replace ? [message #183352 is a reply to message #183349] Mon, 21 October 2013 01:02 Go to previous messageGo to next message
Lew Pitcher is currently offline  Lew Pitcher
Messages: 60
Registered: April 2013
Karma: 0
Member
On Sunday 20 October 2013 20:48, in comp.lang.php, "richard"
<noreply(at)example(dot)com> wrote:

> In my database I am noting that none of the song names containing a single
> quote are being written.
> If I use str_replace, how exactly should I write it?

By using mysql_real_escape_string()

http://ca1.php.net/manual/en/function.mysql-real-escape-string.php

See example #1, and modify for INSERT

--
Lew Pitcher
"In Skills, We Trust"
PGP public key available upon request
Re: str_replace ? [message #183356 is a reply to message #183349] Mon, 21 October 2013 01:06 Go to previous messageGo to next message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma: 0
Senior Member
On 10/20/2013 8:48 PM, richard wrote:
> In my database I am noting that none of the song names containing a single
> quote are being written.
> If I use str_replace, how exactly should I write it?
>
> The php manual is not all that clear.
> http://php.net/manual/en/function.str-replace.php
>
> e.g.
>
> Name of song is "I'm Sorry".
>
> $song=str_replace($song,"'%");
>

As you've been told may times before. ALL strings used in accessing ANY
SQL database need to be escaped.

You're not doing that.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
Re: str_replace ? [message #183357 is a reply to message #183352] Mon, 21 October 2013 01:55 Go to previous messageGo to next message
Mr Oldies is currently offline  Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
Senior Member
On Sun, 20 Oct 2013 21:02:10 -0400, Lew Pitcher wrote:

> On Sunday 20 October 2013 20:48, in comp.lang.php, "richard"
> <noreply(at)example(dot)com> wrote:
>
>> In my database I am noting that none of the song names containing a single
>> quote are being written.
>> If I use str_replace, how exactly should I write it?
>
> By using mysql_real_escape_string()
>
> http://ca1.php.net/manual/en/function.mysql-real-escape-string.php
>
> See example #1, and modify for INSERT

I don't quite follow the example.
What I have is this:

$played=$playme[$number][2];

mysql_query(
"INSERT INTO top20 (songs,name,hits)
VALUES (' ".$song." ',' ".$played." ',1)
ON DUPLICATE KEY UPDATE hits=hits+1");

Assume that $played="I'm Sorry".

Please show me how and where to put the proper coding.
Re: str_replace ? [message #183360 is a reply to message #183357] Mon, 21 October 2013 02:11 Go to previous messageGo to next message
David Robley is currently offline  David Robley
Messages: 23
Registered: March 2013
Karma: 0
Junior Member
richard wrote:

> On Sun, 20 Oct 2013 21:02:10 -0400, Lew Pitcher wrote:
>
>> On Sunday 20 October 2013 20:48, in comp.lang.php, "richard"
>> <noreply(at)example(dot)com> wrote:
>>
>>> In my database I am noting that none of the song names containing a
>>> single quote are being written.
>>> If I use str_replace, how exactly should I write it?
>>
>> By using mysql_real_escape_string()
>>
>> http://ca1.php.net/manual/en/function.mysql-real-escape-string.php
>>
>> See example #1, and modify for INSERT
>
> I don't quite follow the example.
> What I have is this:
>
$played = mysql_real_escape_string($playme[$number][2]);
>
> mysql_query(
> "INSERT INTO top20 (songs,name,hits)
> VALUES (' ".$song." ',' ".$played." ',1)
> ON DUPLICATE KEY UPDATE hits=hits+1");
>
> Assume that $played="I'm Sorry".
>
> Please show me how and where to put the proper coding.

Use the above; this is simpler than trying to introduce you to the
complexities of sprintf. You should use mysql_real_escape_string on any
strings you send to mysql.
--
Cheers
David Robley

"I teach at a university," Tom professed.
Re: str_replace ? [message #183377 is a reply to message #183352] Mon, 21 October 2013 13:16 Go to previous messageGo to next message
Mr Oldies is currently offline  Mr Oldies
Messages: 241
Registered: October 2013
Karma: 0
Senior Member
On Sun, 20 Oct 2013 21:02:10 -0400, Lew Pitcher wrote:

> On Sunday 20 October 2013 20:48, in comp.lang.php, "richard"
> <noreply(at)example(dot)com> wrote:
>
>> In my database I am noting that none of the song names containing a single
>> quote are being written.
>> If I use str_replace, how exactly should I write it?
>
> By using mysql_real_escape_string()
>
> http://ca1.php.net/manual/en/function.mysql-real-escape-string.php
>
> See example #1, and modify for INSERT

BTW, it is working just fine thanks.
Re: str_replace ? [message #183386 is a reply to message #183349] Mon, 21 October 2013 18:43 Go to previous messageGo to next message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
Senior Member
On Sun, 20 Oct 2013 20:48:26 -0400, richard wrote:

> In my database I am noting that none of the song names containing a
> single quote are being written.

There are some functions that have been suggested to you time and time
again over the years for making strings safe for use within urls, within
sql databases, and within html.

The fact that you still ask these questions shows that you do not absorb
the answers when they are given to you.

Therefore, there is now no point in providing the correct answers to
these questions.

Instead, here is a suggestion. In future, before posting a question here,
try entering into google (or any other search engine of your choice) the
question you wish to ask, for example:

<url:http://lmgtfy.com/?q=how+do+i+use+php+strings+with+single+quotes+in
+sql+queries>

Wow, the 4th through 7th replies point to php online manual pages. I
wonder if any of those might refer to the function needed. Best go read
them and see.

--
Denis McMahon, denismfmcmahon(at)gmail(dot)com
Re: str_replace ? [message #183389 is a reply to message #183386] Mon, 21 October 2013 23:10 Go to previous messageGo to next message
Norman Peelman is currently offline  Norman Peelman
Messages: 126
Registered: September 2010
Karma: 0
Senior Member
On 10/21/2013 02:43 PM, Denis McMahon wrote:
> On Sun, 20 Oct 2013 20:48:26 -0400, richard wrote:
>
>> In my database I am noting that none of the song names containing a
>> single quote are being written.
>
> There are some functions that have been suggested to you time and time
> again over the years for making strings safe for use within urls, within
> sql databases, and within html.
>
> The fact that you still ask these questions shows that you do not absorb
> the answers when they are given to you.
>
> Therefore, there is now no point in providing the correct answers to
> these questions.
>
> Instead, here is a suggestion. In future, before posting a question here,
> try entering into google (or any other search engine of your choice) the
> question you wish to ask, for example:
>
> <url:http://lmgtfy.com/?q=how+do+i+use+php+strings+with+single+quotes+in
> +sql+queries>
>
> Wow, the 4th through 7th replies point to php online manual pages. I
> wonder if any of those might refer to the function needed. Best go read
> them and see.
>

What I've noticed is that whenever he is given something to learn, he
disappears... he only want lines of code he can cut-n-paste.


--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
Re: str_replace ? [message #183390 is a reply to message #183349] Mon, 21 October 2013 23:14 Go to previous messageGo to next message
Norman Peelman is currently offline  Norman Peelman
Messages: 126
Registered: September 2010
Karma: 0
Senior Member
On 10/20/2013 08:48 PM, richard wrote:
> In my database I am noting that none of the song names containing a single
> quote are being written.
> If I use str_replace, how exactly should I write it?
>
> The php manual is not all that clear.
> http://php.net/manual/en/function.str-replace.php
>
> e.g.
>
> Name of song is "I'm Sorry".
>
> $song=str_replace($song,"'%");
>

I really don't understand how you come up with that example. The
manual is perfectly clear. But that's not your problem.

--
Norman
Registered Linux user #461062
-Have you been to www.php.net yet?-
Re: str_replace ? [message #183411 is a reply to message #183349] Wed, 23 October 2013 17:04 Go to previous messageGo to next message
Tobiah is currently offline  Tobiah
Messages: 30
Registered: April 2011
Karma: 0
Member
On 10/20/2013 05:48 PM, richard wrote:
> In my database I am noting that none of the song names containing a single
> quote are being written.
> If I use str_replace, how exactly should I write it?
>
> The php manual is not all that clear.
> http://php.net/manual/en/function.str-replace.php
>
> e.g.
>
> Name of song is "I'm Sorry".
>
> $song=str_replace($song,"'%");
>

You can also use parameter substitution with
mysqli.
Re: str_replace ? [message #183423 is a reply to message #183411] Thu, 24 October 2013 00:03 Go to previous message
Scott Johnson is currently offline  Scott Johnson
Messages: 196
Registered: January 2012
Karma: 0
Senior Member
On 10/23/2013 10:04 AM, Tobiah wrote:
> On 10/20/2013 05:48 PM, richard wrote:
>> In my database I am noting that none of the song names containing a
>> single
>> quote are being written.
>> If I use str_replace, how exactly should I write it?
>>
>> The php manual is not all that clear.
>> http://php.net/manual/en/function.str-replace.php
>>
>> e.g.
>>
>> Name of song is "I'm Sorry".
>>
>> $song=str_replace($song,"'%");
>>
>
> You can also use parameter substitution with
> mysqli.


mysqli is a dirty word to Richard.

Scotty
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: has anyone used multithreaded PHP appserver.io for application?
Next Topic: Observation
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sat Nov 23 12:10:44 GMT 2024

Total time taken to generate the page: 0.02425 seconds