Nikunj Bhatt - 2015-09-29 18:57:49 -
In reply to message 2 from Jeff Williams
Actually the code needs to be corrected for slash. What happens if there is a slash at the end of a value for a text datatype field?
Consider the following example:
<?php
include("mysql.class.php");
$db = new MySQL(true, "test", "localhost", "root", "");
$values["name"] = MySQL::SQLValue("nikunj\\");
$result = $db->InsertRow("contacts", $values);
if (! $result) {
    $db->Kill();
} else {
    echo "The new record's ID is: " . $db->GetLastInsertID() . "\n<br />\n";
    $db->SelectRows("contacts", $values);
    echo $db->GetHTML();
}
?>
This will output the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''nikunj\')' at line 1 (#1064)
Because when this PHP script is run, the query tried for execution becomes like this:
INSERT INTO `products` (`name`) VALUES ('nikunj\');
The slash after the name 'nikunj' is considered as an escape character for the second/closing single quote; and MySQL "thinks" that the query is not-proper/incomplete because the string is not ended/closed.
The query should be constructed like this:
INSERT INTO `products` (`name`) VALUES ('nikunj\\');
So, to resolve this issue, a small change is needed in line # 1594 (in the "SQLValue()" function) as follows:
$return_value = "'" . str_replace(array("\\", "'"), array("\\\\", "''"), $value) . "'";
Now it will replace slash with 2 slashes and single-quote with 2 single-quotes.
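
As an added example (not part of the post above or of the MySQL class), the sketch below compares the patched line with quote-only escaping, which is an assumption about what line 1594 did before the change. `quote_before`, `quote_after` and `read_literal` are hypothetical names, and the scanner models only MySQL's default backslash handling.

```php
<?php
// Added example; not code from the MySQL class or from the post.

// ASSUMPTION: before the change, SQLValue() only doubled single quotes.
function quote_before(string $value): string {
    return "'" . str_replace("'", "''", $value) . "'";
}

// The replacement line proposed in the post.
function quote_after(string $value): string {
    return "'" . str_replace(array("\\", "'"), array("\\\\", "''"), $value) . "'";
}

// Hypothetical helper: read $sql as MySQL reads a single-quoted literal in
// its default mode. Returns the decoded value when $sql is exactly one
// complete literal, or null otherwise (for example when it is never closed).
function read_literal(string $sql): ?string {
    $map = array('n' => "\n", 't' => "\t", 'r' => "\r", '0' => "\0");
    $n = strlen($sql);
    if ($n < 2 || $sql[0] !== "'") {
        return null;
    }
    $out = '';
    for ($i = 1; $i < $n; $i++) {
        $c = $sql[$i];
        if ($c === "\\") {
            if ($i + 1 >= $n) {
                return null;               // backslash is the last byte
            }
            $next = $sql[++$i];            // backslash consumes the next byte
            $out .= $map[$next] ?? $next;
        } elseif ($c === "'" && $i + 1 < $n && $sql[$i + 1] === "'") {
            $out .= "'";                   // '' is one literal quote
            $i++;
        } elseif ($c === "'") {
            return $i === $n - 1 ? $out : null; // closing quote must end it
        } else {
            $out .= $c;
        }
    }
    return null;                           // ran out of input inside the string
}

// Constructed sample values.
foreach (array("nikunj\\", "O'Reilly", "C:\\temp\\new", "plain") as $v) {
    foreach (array('quote_before', 'quote_after') as $fn) {
        $back = read_literal($fn($v));
        $state = $back === null ? 'UNTERMINATED' : ($back === $v ? 'ok' : 'VALUE CHANGED');
        printf("%-12s %-16s %s\n", $fn, $fn($v), $state);
    }
}
```

Besides the unterminated literal from the post, the quote-only variant also silently turns `\t` and `\n` inside a value into control characters. Doubling backslashes is only correct while the server's sql_mode does not include NO_BACKSLASH_ESCAPES; prepared statements or the driver's own escaping function avoid depending on that.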