how do i escape the % sign?

mastrboy

i tryed with addcslashes() and addslashes()

but it still just prints : "%" insted of "/%"

little help would be appriciated 🙂

laserlight

Where exactly do you want to escape the % symbol? You dont need to escape it in a PHP string, be it single quoted or double quoted. If you want to escape it in a urlencoded string, you would use %25

mastrboy

trying to escape it before an SQL query, from f eks: $_POST['username']..

tested with passing % as username and it returns a SQL error displaying my linux path to the website, like /usr/local etc...

Plasma

Are you placing quotes around your field name?

$query = "INSERT INTO users (username) VALUES ('$username')"

You dont need to escape the % value character.

laserlight

Unless you are using it with say, LIKE, chances are you dont need to escape it. If you do need to escape it, you should use the backslash, i.e. \%. addslashes() and addcslashes() dont regard the % symbol as one that needs to be escaped, so you should do the string replacement with say [man]str_replace/man.

mastrboy

laserlight wrote:
Unless you are using it with say, LIKE, chances are you dont need to escape it. If you do need to escape it, you should use the backslash, i.e. \%. addslashes() and addcslashes() dont regard the % symbol as one that needs to be escaped, so you should do the string replacement with say [man]str_replace/man.

thanx 😃

all the "negative" replys made me verify my code again and i had forgot something :o

i forgot ' ' in my secure variable before sql query function

changed from

$securevalue = " . mysql_real_escape_string($securevalue) . ";

$securevalue = "'" . mysql_real_escape_string($securevalue) . "'";

sorry for the time you guys spent reading this post 😉 ,but thats why it's in the newbies category 😉