List:General Discussion« Previous MessageNext Message »
From:Paul DuBois Date:September 15 2002 7:58pm
Subject:Re: Re: problem about mysql_real_escape_string to escape MultiByte
View as plain text  
At 3:38 +0800 9/16/02, Xuefer wrote:
>ok, finally have a kind man take a look at my problem :)
>now before pasting a long example-script
>here is the test result:
>
>**********************************************
>case 1
>php4.2, mysql4.0.2 using GBK charset, windows
>mysqlclient-gbk is not supported by php4.2 win build,

In that case, it's very possible that the client library is built without
multi-byte support of any kind.  In which case, just adding the charset
files to the charset directory won't enable it....

>  but i made gbk.conf in C:\mysql\share\charsets
>
>result:
>
>========
>string -> ? ( [ ?] [ " ] )
>escaped -> »\" ( [ ?] [ \ ] [ " ] )
>result -> »\" ( [ ?] [ \ ] [ " ] )
>*** damn!
>
>========
>string -> ? ( [ ?] [ ' ] )
>escaped -> »\' ( [ ?] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near 
>''»\''' at line 1
>========
>string -> »\' ( [ ?] [ \ ] [ ' ] )
>escaped -> »\\\' ( [ ?] [ \ ] [ \ ] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near 
>''»\\\''' at line 1
>
>**********************************************
>case 2
>php4.2, mysql4.0.2 using GBK charset, linux
>php4.2 compiled with lib mysql, GBK supported
>
>result:
>
>========
>string -> ? ( [ ?] [ " ] )
>escaped -> »\" ( [ ?] [ \ ] [ " ] )
>result -> »\" ( [ ?] [ \ ] [ " ] )
>*** damn!
>
>========
>string -> ? ( [ ?] [ ' ] )
>escaped -> »\' ( [ ?] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near 
>''»\''' at line 1
>========
>string -> »\' ( [ ?] [ \ ] [ ' ] )
>escaped -> »\\' ( [ ?] [ \ ] [ \ ] [ ' ] )
>result -> »\' ( [ ?] [ \ ] [ ' ] )
>* fine
>
>
>and the php test script
>**************************
><?php
>error_reporting(E_ALL);
>$conn = mysql_connect('localhost', 'user', 'pass') or die('cant connect');
>
>test(chr(200) . '"', $conn);
>test(chr(200) . "'", $conn);
>test(chr(200) . "\\'", $conn);
>
>function test($str, &$conn)
>{
>     echo "<br>========<br>";
>     dump_str('string', $str);
>     $q_str = mysql_escape_string($str); // you may also try 
>mysql_escape_string() (php cvs only)
>     dump_str('escaped', $q_str);
>     $res = mysql_query("SELECT '$q_str'");
>     if (!$res) {
>         print('<font color=red>cant query</font>, error:#'
>		. mysql_errno()
>		. ' '
>		. mysql_error());
>		return;
>	}
>     $row = mysql_fetch_row($res) or die('empty result');
>     dump_str('result', $row[0]);
>     echo $row[0] === $str ? "* fine<br>":"*** damn!<br>";
>}
>function dump_str($name, $str)
>{
>     echo "$name -&gt; $str (";
>     for ($i = 0; $i < strlen($str); $i ++)
>     {
>             echo ' [ ' , $str{$i}, ' ] ';
>     }
>     echo ")<br>";
>}
>?>
>
>
>On 2002-09-15 Paul DuBois wrote:
>
>>At 22:24 +0800 9/15/02, Xuefer wrote:
>>>even i do mysql_real_escape_string to bold data
>>>mysql complain about syntax error
>>>
>>>$str = mysql_escape_string("\0xC8'"); // tried mysql_real_escape_string
>>>$sql = "SELECT '$str'";
>>>$result = mysql_query($sql, .....); // get error
>>
>>It doesn't do much good to report that your code doesn't work if you
>>don't report *the code that doesn't work*.
>>
>>It might also help to include other details.  Are you using PHP? What
>  >version?  Etc.

Thread
Re: Re: problem about mysql_real_escape_string to escape MultiByteXuefer15 Sep
  • Re: Re: problem about mysql_real_escape_string to escape MultiBytePaul DuBois16 Sep