Complex escape string

03/05/2008, 18h20

I have this line of code:

$q = "This is the string that will go into the query:
{${mysql_real_escape_string($_GET['searchstring'])}}";

What happens then is the user supplies 'foo' as the search string, and I get
a debug notice "Undefined variable: foo". Why is it treating the value as an
identifier and how do I make it do what I actually want it to do? This is on
PHP5, latest release.

03/05/2008, 18h36

On 5/3/08, cyaugin <cyaugin@yahoo.com> wrote:
> I have this line of code:
>
> $q = "This is the string that will go into the query:
> {${mysql_real_escape_string($_GET['searchstring'])}}";
>
> What happens then is the user supplies 'foo' as the search string, and I get
> a debug notice "Undefined variable: foo". Why is it treating the value as an
> identifier and how do I make it do what I actually want it to do? This is on
> PHP5, latest release.
>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
$q = "This is the string that will go into the query: " .
mysql_real_escape_string($_GET['searchstring']);

--
-Casey

03/05/2008, 19h52

Why exactly are you doing this? While variable-variables can be of use
at times, I don't think this is one of them. How do you use this newly
created variable.

- Craige

On Sat, May 3, 2008 at 1:20 PM, cyaugin <cyaugin@yahoo.com> wrote:
> I have this line of code:
>
> $q = "This is the string that will go into the query:
> {${mysql_real_escape_string($_GET['searchstring'])}}";
>
> What happens then is the user supplies 'foo' as the search string, and I get
> a debug notice "Undefined variable: foo". Why is it treating the value as an
> identifier and how do I make it do what I actually want it to do? This is on
> PHP5, latest release.
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

03/05/2008, 20h30

-----Original Message-----
From: cyaugin [mailto:cyaugin@yahoo.com]
Sent: Saturday, May 03, 2008 10:20 AM
To: php-general@lists.php.net
Subject: [php] Complex escape string

I have this line of code:

$q = "This is the string that will go into the query:
{${mysql_real_escape_string($_GET['searchstring'])}}";

What happens then is the user supplies 'foo' as the search string, and I get
a debug notice "Undefined variable: foo". Why is it treating the value as an
identifier and how do I make it do what I actually want it to do? This is on
PHP5, latest release.

---------------

It looks to me like what is happening is this piece:
${mysql_real_escape_string($_GET['searchstring'])}

Gets collapsed to $foo when mysql_real_escape_string($_GET['searchstring'])
== 'foo'. ${'a'} will expand to $a. I think that your problem is that you
need to drop that '$' before the brace around the function call.

03/05/2008, 18h20	#1
cyaugin Messages: n/a Hébergeur:	Complex escape string I have this line of code: $q = "This is the string that will go into the query: {${mysql_real_escape_string($_GET['searchstring'])}}"; What happens then is the user supplies 'foo' as the search string, and I get a debug notice "Undefined variable: foo". Why is it treating the value as an identifier and how do I make it do what I actually want it to do? This is on PHP5, latest release.

03/05/2008, 18h36	#2
Casey Messages: n/a Hébergeur:	Re: [PHP] Complex escape string On 5/3/08, cyaugin <cyaugin@yahoo.com> wrote: > I have this line of code: > > $q = "This is the string that will go into the query: > {${mysql_real_escape_string($_GET['searchstring'])}}"; > > What happens then is the user supplies 'foo' as the search string, and I get > a debug notice "Undefined variable: foo". Why is it treating the value as an > identifier and how do I make it do what I actually want it to do? This is on > PHP5, latest release. > > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > $q = "This is the string that will go into the query: " . mysql_real_escape_string($_GET['searchstring']); -- -Casey

03/05/2008, 19h52	#3
Craige Leeder Messages: n/a Hébergeur:	Re: [PHP] Complex escape string Why exactly are you doing this? While variable-variables can be of use at times, I don't think this is one of them. How do you use this newly created variable. - Craige On Sat, May 3, 2008 at 1:20 PM, cyaugin <cyaugin@yahoo.com> wrote: > I have this line of code: > > $q = "This is the string that will go into the query: > {${mysql_real_escape_string($_GET['searchstring'])}}"; > > What happens then is the user supplies 'foo' as the search string, and I get > a debug notice "Undefined variable: foo". Why is it treating the value as an > identifier and how do I make it do what I actually want it to do? This is on > PHP5, latest release. > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >

03/05/2008, 20h30	#4
Steven R. Ringwald Messages: n/a Hébergeur:	RE: [PHP] Complex escape string -----Original Message----- From: cyaugin [mailto:cyaugin@yahoo.com] Sent: Saturday, May 03, 2008 10:20 AM To: php-general@lists.php.net Subject: [php] Complex escape string I have this line of code: $q = "This is the string that will go into the query: {${mysql_real_escape_string($_GET['searchstring'])}}"; What happens then is the user supplies 'foo' as the search string, and I get a debug notice "Undefined variable: foo". Why is it treating the value as an identifier and how do I make it do what I actually want it to do? This is on PHP5, latest release. --------------- It looks to me like what is happening is this piece: ${mysql_real_escape_string($_GET['searchstring'])} Gets collapsed to $foo when mysql_real_escape_string($_GET['searchstring']) == 'foo'. ${'a'} will expand to $a. I think that your problem is that you need to drop that '$' before the brace around the function call.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email