
the net of double quote and single quote

old SQL statement:
$sql = "update cdb_posts set subject='$subject' where pid='$pid'";

a variable:
$backurl = "article_list.php?mode=" . $mode . "&clsid=" . $clsid. "&mp=". $mp;

i wanna modify the SQL statement and make the value of subject a URL:
$sql = "update cdb_posts set subject='<a href=' . '"' . 'article_list.php?mode=' . $mode . '&clsid=' . $clsid . '&mp=' . $mp . '"' where pid='$pid'";

error shown:
Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING

what to do? how should i write the SQL statement?

Thank U!

10 Comments(s)
@i33333 (author), May 19.2006 — in order to debug:

// ----------- start ---------------

<?php

$mode = 1;

$clsid = 2;

$mp = 3;

$sql = "update cdb_posts set subject='<a href=' . '"' . 'article_list.php?mode=' . $mode . '&clsid=' . $clsid . '&mp=' . $mp . '"' where pid='$pid'";

echo $sql;

echo mysql_error();

?>

// ------------- end ---------------

Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /var/www/html/test.php on line 6
@GaryS, May 19.2006 — Haven't tested the following... so proceed with caution!

[code=php]

$mode='the_mode';
$clsid ='the_clsid';
$mp= 'the_mp';
$pid=100;


$subject = '<a href="article_list.php?mode=' . $mode . '&clsid=' . $clsid . '&mp=' . $mp . '">';
echo '<textarea rows="5" cols="100">' . $subject .'</textarea>';


$sql = 'update cdb_posts set subject="' . addslashes($subject) . '" where pid=' . $pid;
echo '<textarea rows="5" cols="100">' . $sql .'</textarea>';[/code]



I've separated out the "subject" part: you want to make sure this is right before sticking it into the database. I've echoed it into a text area so that you can see what's going on (otherwise you'd have to "view source").


As you correctly spotted, the quotes in "subject" are going to cause a problem with writing to the database: [I]addslashes[/I] comes to the rescue by escaping the quotes. (Note that your magic quotes setting may make this step unnecessary).

Like I said, I haven't tested this, but I hope it gets you moving again.
@chazzy, May 19.2006 — sql requires single quotes.

so make this change from the last post
[code=php]
$sql = "update cdb_posts set subject='" . addslashes($subject) . "' where pid=" . $pid; [/code]
@i33333 (author), May 20.2006 — Thank U, GaryS and chazzy!

i'll try it
@i33333 (author), May 20.2006 —

now the case is:
------------------------



old statements:

$sql = "update cdb_posts set subject='$subject' where pid='$pid'";

after a modification:

$sql = "update cdb_posts set subject='<a href=\"article_list.php?mode=$mode&clsid=$clsid&mp=$mp\">$subject</a>' where pid='$pid'";

// this query statement can work normally

after another modification:

$sql = "update cdb_posts set subject='<a href=\"http://www.mydomainname/file.php?id=$id\">$subject</a>' where pid='$pid'";

// the problem of this statement is that all works normally except the variable $subject can't show normally


what to do?
@i33333 (author), May 20.2006 — up

everyone, any idea?
@GaryS, May 20.2006 — There doesn't appear to be any material difference between the statements... so it's strange that the second one doesn't work. Have you tried echoing $subject just before to confirm that it still has the intended value?
@chazzy, May 20.2006 — what does this mean?

[quote]// the problem of this statement is that all works normally except the variable $subject can't show normally[/quote]
@i33333 (author), May 20.2006 — oh, GaryS, i didn't echo $subject.

i'll try it tomorrow. Thank U!


chazzy, the following query can work well, i.e., it can show a link on the page, but the problem is the value of $subject cannot show normally on the page.

$sql = "update cdb_posts set subject='<a href=\"http://www.mydomainname/file.php?id=$id\">$subject</a>' where pid='$pid'";
@GaryS, May 20.2006 — This is slightly off subject, but it's more usual to store link location and link value (your $subject) in separate fields in the database. Doing so would (a) remove the quotes complexity and (b) give you the flexibility to use the fields in other ways.

Just a thought!
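
The separate-fields layout suggested above, combined with a prepared statement in place of the addslashes() step discussed earlier in the thread, as an added example that is not code from any poster. The link_url and link_text columns, the sample values, and the in-memory SQLite database reached through PDO (standing in for the thread's MySQL table and mysql_* calls) are assumptions.

```php
<?php
// Added example, not from the thread. Assumptions: columns link_url and
// link_text, constructed sample values, SQLite in memory instead of MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cdb_posts (pid INTEGER PRIMARY KEY, link_url TEXT, link_text TEXT)');
$db->exec('INSERT INTO cdb_posts (pid) VALUES (100)');

// Escape for the HTML context only when the link is rendered.
function render_link(string $url, string $text): string
{
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed input containing both kinds of quote, the characters that
// caused the parse error and the escaping questions in the thread.
$mode    = 'list';
$clsid   = "O'Brien";
$mp      = 3;
$subject = 'Tom\'s "quoted" subject';
$pid     = 100;

// http_build_query() percent-encodes every value, so no raw quote or
// ampersand from the variables ends up in the URL.
$url = 'article_list.php?' . http_build_query([
    'mode'  => $mode,
    'clsid' => $clsid,
    'mp'    => $mp,
]);

// Placeholders keep the values out of the SQL text entirely: there is no
// quote nesting to get right and no addslashes() call to remember.
$stmt = $db->prepare(
    'UPDATE cdb_posts SET link_url = :url, link_text = :text WHERE pid = :pid'
);
$stmt->execute([':url' => $url, ':text' => $subject, ':pid' => $pid]);

// Read the row back and build the anchor at output time.
$read = $db->prepare('SELECT link_url, link_text FROM cdb_posts WHERE pid = :pid');
$read->execute([':pid' => $pid]);
$row = $read->fetch(PDO::FETCH_ASSOC);

echo render_link($row['link_url'], $row['link_text']), "\n";
```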