addslashes query

jonathen

Hi all,

I wonder if you can help. As a relative newbie needing a script that displays my tables and allows users to edit their own tables without mucking up others, I used a 3rd party script I found for database admin (basic admin, that is). Having used this for some time, and hacking it to my needs, I have encountered a problem. I have asked the original script creator, but my mails get bounced.

It should be easy, and I understand the concept, I just don't know where to do it. What I want to do is get the script to add slashes to entries within the db that contain ' characters. When I input them through a form, they contain the slashes. However, if I edit them through this script, the strip the slashes out, and then cause a mysql error.

The part of the script, is an array for a form to update entries, and it is pasted below - could anyone advise me where I would add the addslashes? Thank you in advance.

$res=mysql_query($sql);
        echo "<FORM name=frmUpdate method=POST>";
        echo "<input type=hidden name=action value=update>";
        echo "<input type=hidden name=oldUniqueId value=$uniqueId>";
        echo "<TABLE border=\"1\" cellspacing=\"0\" cellpadding=\"3\" bgcolor=\"#FFFFFF\" bordercolor=\"#000000\" width=55%>";
        echo "<tr><td COLSPAN=2 align=center bgcolor=\"#59002C\"><p class=\"header\"><b>You are editing $TheTableName/ID $uniqueId.</b></td></tr>";

    while($row=mysql_fetch_array($res))
    {
            for ( $i = 0; $i < $columns; $i++ )
            {
                    $arr = get_defined_vars();
                    $fieldName= mysql_field_name($fields,$i);
                    $fieldType= mysql_field_type($fields,$i);
                    $fieldNameValue= $arr[$fieldName."Val"];

                    echo "<TR>";
                    echo "<TD bgcolor=\"#F5F5F5\" width=\"30%\">".mysql_field_name($fields,$i)."</TD>";
                    if (preg_match ("/blob/i", $fieldType)) {
                            echo "<TD><textarea cols=\"30\" rows=\"5\" name=".mysql_field_name($fields,$i)."Val >".$row[$i]."</textarea></TD>";
                    } else {
                            echo "<TD><input name=".mysql_field_name($fields,$i)."Val value=\"".$row[$i]."\"></input></TD>";
                    }
                    echo "</TR>";
            }
            echo "<TR>";
  }
                echo "<TR>";
                echo "<TD COLSPAN=2 align=center bgcolor=\"#F5F5F5\"><input type=submit value=Update name=submit></TD>";
                echo "</TR>";
        }
        echo "</TABLE>";
        echo "</FORM>";
?>

diego25

I think you need to call stripslashes when you use $row[$i]

Diego