Slashes problem on submitting query

tyhoerr

This page is designed to allow a user to edit multiple cells of data in a mysql table and submit them all together. If you've edited multiple entries with phpmyadmin- very similar to that.

Problem:

Every time I submit the query below to save the data it adds extra escape slashes to data containing apostrophes (ex. 4.0 'MS becomes 4.0 \'MS)

I tried using stripslashes() but I'm not sure if that even works and either way, I'm not able to use that on the raw POST data.

Until I get this fixed... the code is pretty much useless as it corrupts the data every time i submit it. Any help would be great!

<?php
// CONNECT BEGIN
mysql_connect("localhost","****","****"); 
mysql_select_db("NPD"); 
// CONNECT END

$p=$_GET["p"];
if (empty($p)) {$p="Size";}

if (isset($_POST['Size']) AND is_array($_POST['Size']))
{
    foreach ($_POST['Size'] as $id=>$size)
    {
        $sql = sprintf("UPDATE Child_Table2 SET $p='%s' WHERE id=%d",
            mysql_real_escape_string($size),
            mysql_real_escape_string($id)
        );
        mysql_query($sql);
    }
} 

$delete=$_GET["delete"];


if(!empty($delete)) { 
$test0="DELETE FROM `Accounts` WHERE ID='$delete'";
mysql_query("$test0"); }

$color1="cccccc";
$color2="ffffff";
$row_count = 0; 


echo "<form method=\"Post\"><table width=\"100%\" border=\"0\"
cellpadding=\"4\" cellspacing=\"0\"><tr><td></td>
<td width=\"19%\"><h2>ID</h2></td>
<td width=\"19%\"><h2><a href=\"child.php\">Size</a></h2></td>
<td width=\"19%\"><h2><a href=\"child.php?p=Quantity\">Quantity</a></h2></td>
<td width=\"19%\"><h2><a href=\"child.php?p=BB_Price\">BB Price</a></h2></td>
<td width=\"19%\"><h2><a href=\"child.php?p=IG_Price\">IG Price</a></h2></td></tr></table>

<table width=\"100%\" border=\"0\"
cellpadding=\"4\" cellspacing=\"0\">";

$sql = "select * from Child_Table2 order by PID";

$result = mysql_query("$sql") or die('Error, query failed');
// SEARCH QUERY END

// DISPLAY RESULTS BEGIN
while($r=mysql_fetch_array($result))
{	
	$ID=$r["ID"];
	$Name=$r["Common_Name"];
	$PID=$r["PID"];
	$Size=$r["Size"];
	$Quantity=$r["Quantity"];
	$BB_Price=$r["BB_Price"];
	$IG_Price=$r["IG_Price"];
	$row_color = ($row_count % 2) ? $color1 : $color2; 

if ($p==Size) {   

echo "<tr onmouseover=\"style.fontWeight = 'bold'\" onmouseout=\"style.fontWeight = 'normal'\"><td><a href=\"javascript:if(confirm('Are you sure you want to delete this data?')) self.location='child.php?delete=$Username';\"><img border=\"0\" src=\"delete.jpg\" /></a></td>
<td width=\"%19\" bgcolor=\"#$row_color\" nowrap>$Name</td><td width=\"%19\" bgcolor=\"#$row_color\"><input type=\"hidden\" name=\"ID_$ID\" id=\"ID_$ID\" value=\"$ID\"/><input name=\"Size[$ID]\" id=\"Size_$ID\" value=\"$Size\"/></td><td width=\"%19\" bgcolor=\"#$row_color\">$Quantity</td><td width=\"%19\" bgcolor=\"#$row_color\">$BB_Price</td><td width=\"%19\" bgcolor=\"#$row_color\">$IG_Price</td></tr>";
}

if ($p==Quantity) {
echo "<tr onmouseover=\"style.fontWeight = 'bold'\" onmouseout=\"style.fontWeight = 'normal'\"><td><a href=\"javascript:if(confirm('Are you sure you want to delete this data?')) self.location='child.php?delete=$Username';\"><img border=\"0\" src=\"delete.jpg\" /></a></td>
<td width=\"%19\" bgcolor=\"#$row_color\" nowrap>$Name</td><td width=\"%19\" bgcolor=\"#$row_color\"><input type=\"hidden\" name=\"ID_$ID\" id=\"ID_$ID\" value=\"$ID\"/>$Size</td><td width=\"%19\" bgcolor=\"#$row_color\"><input name=\"Size[$ID]\" id=\"Size_$ID\" value=\"$Quantity\"/></td><td width=\"%19\" bgcolor=\"#$row_color\">$BB_Price</td><td width=\"%19\" bgcolor=\"#$row_color\">$IG_Price</td></tr>";
}

if ($p==BB_Price) {
echo "<tr onmouseover=\"style.fontWeight = 'bold'\" onmouseout=\"style.fontWeight = 'normal'\"><td><a href=\"javascript:if(confirm('Are you sure you want to delete this data?')) self.location='child.php?delete=$Username';\"><img border=\"0\" src=\"delete.jpg\" /></a></td>
<td width=\"%19\" bgcolor=\"#$row_color\" nowrap>$Name</td><td width=\"%19\" bgcolor=\"#$row_color\"><input type=\"hidden\" name=\"ID_$ID\" id=\"ID_$ID\" value=\"$ID\"/>$Size</td><td width=\"%19\" bgcolor=\"#$row_color\">$Quantity</td><td width=\"%19\" bgcolor=\"#$row_color\"><input name=\"Size[$ID]\" id=\"Size_$ID\" value=\"$BB_Price\"/></td><td width=\"%19\" bgcolor=\"#$row_color\">$IG_Price</td></tr>";
}

if ($p==IG_Price) {
echo "<tr onmouseover=\"style.fontWeight = 'bold'\" onmouseout=\"style.fontWeight = 'normal'\"><td><a href=\"javascript:if(confirm('Are you sure you want to delete this data?')) self.location='child.php?delete=$Username';\"><img border=\"0\" src=\"delete.jpg\" /></a></td>
<td width=\"%19\" bgcolor=\"#$row_color\" nowrap>$Name</td><td width=\"%19\" bgcolor=\"#$row_color\"><input type=\"hidden\" name=\"ID_$ID\" id=\"ID_$ID\" value=\"$ID\"/>$Size</td><td width=\"%19\" bgcolor=\"#$row_color\">$Quantity</td><td width=\"%19\" bgcolor=\"#$row_color\">$BB_Price</td><td width=\"%19\" bgcolor=\"#$row_color\"><input name=\"Size[$ID]\" id=\"Size_$ID\" value=\"$IG_Price\"/></td></tr>";
}
	$row_count++;
}

echo "</table><div style=\"position:fixed;
bottom: 0px;
right: 0px;
\" ><input type=\"Submit\"/></div></form>"; 

// DISPLAY RESULTS END

echo "<br><br>";

?>

laserlight

tyhoerr wrote:
Every time I submit the query below to save the data it adds extra escape slashes to data containing apostrophes (ex. 4.0 'MS becomes 4.0 \'MS)

Disable magic_quotes_gpc, e.g., by changing settings in php.ini and restarting the web server.

tyhoerr wrote:
I tried using stripslashes() but I'm not sure if that even works and either way, I'm not able to use that on the raw POST data.

If you cannot disable magic_quotes_gpc, then stripslashes() would be the correct thing to do (possibly conditionally with [man]get_magic_quotes_gpc/man to allow for a future disabling of magic_quotes_gpc). You can use it on the elements of $_POST.

tyhoerr

I just got on to write that I've had nothing but trouble and neither solution worked.... but fortunately I re-read your post one more time and noticed the words "restarting the web server."... Works wonderfully now 🙂 Thanks!

laserlight

You're welcome 🙂
Remember to mark this thread as resolved (if it is) using the thread tools.