At 3:38 +0800 9/16/02, Xuefer wrote:
>ok, finally have a kind man take a look at my problem :)
>now before pasting a long example-script
>here is the test result:
>
>**********************************************
>case 1
>php4.2, mysql4.0.2 using GBK charset, windows
>mysqlclient-gbk is not supported by php4.2 win build,
In that case, it's very possible that the client library is built without
multi-byte support of any kind. In which case, just adding the charset
files to the charset directory won't enable it....
> but i made gbk.conf in C:\mysql\share\charsets
>
>result:
>
>========
>string -> ? ( [ ?] [ " ] )
>escaped -> »\" ( [ ?] [ \ ] [ " ] )
>result -> »\" ( [ ?] [ \ ] [ " ] )
>*** damn!
>
>========
>string -> ? ( [ ?] [ ' ] )
>escaped -> »\' ( [ ?] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near
>''»\''' at line 1
>========
>string -> »\' ( [ ?] [ \ ] [ ' ] )
>escaped -> »\\\' ( [ ?] [ \ ] [ \ ] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near
>''»\\\''' at line 1
>
>**********************************************
>case 2
>php4.2, mysql4.0.2 using GBK charset, linux
>php4.2 compiled with lib mysql, GBK supported
>
>result:
>
>========
>string -> ? ( [ ?] [ " ] )
>escaped -> »\" ( [ ?] [ \ ] [ " ] )
>result -> »\" ( [ ?] [ \ ] [ " ] )
>*** damn!
>
>========
>string -> ? ( [ ?] [ ' ] )
>escaped -> »\' ( [ ?] [ \ ] [ ' ] )
>cant query, error:#1064 You have an error in your SQL syntax near
>''»\''' at line 1
>========
>string -> »\' ( [ ?] [ \ ] [ ' ] )
>escaped -> »\\' ( [ ?] [ \ ] [ \ ] [ ' ] )
>result -> »\' ( [ ?] [ \ ] [ ' ] )
>* fine
>
>
>and the php test script
>**************************
><?php
>error_reporting(E_ALL);
>$conn = mysql_connect('localhost', 'user', 'pass') or die('cant connect');
>
>test(chr(200) . '"', $conn);
>test(chr(200) . "'", $conn);
>test(chr(200) . "\\'", $conn);
>
>function test($str, &$conn)
>{
> echo "<br>========<br>";
> dump_str('string', $str);
> $q_str = mysql_escape_string($str); // you may also try
>mysql_escape_string() (php cvs only)
> dump_str('escaped', $q_str);
> $res = mysql_query("SELECT '$q_str'");
> if (!$res) {
> print('<font color=red>cant query</font>, error:#'
> . mysql_errno()
> . ' '
> . mysql_error());
> return;
> }
> $row = mysql_fetch_row($res) or die('empty result');
> dump_str('result', $row[0]);
> echo $row[0] === $str ? "* fine<br>":"*** damn!<br>";
>}
>function dump_str($name, $str)
>{
> echo "$name -> $str (";
> for ($i = 0; $i < strlen($str); $i ++)
> {
> echo ' [ ' , $str{$i}, ' ] ';
> }
> echo ")<br>";
>}
>?>
>
>
>On 2002-09-15 Paul DuBois wrote:
>
>>At 22:24 +0800 9/15/02, Xuefer wrote:
>>>even i do mysql_real_escape_string to bold data
>>>mysql complain about syntax error
>>>
>>>$str = mysql_escape_string("\0xC8'"); // tried mysql_real_escape_string
>>>$sql = "SELECT '$str'";
>>>$result = mysql_query($sql, .....); // get error
>>
>>It doesn't do much good to report that your code doesn't work if you
>>don't report *the code that doesn't work*.
>>
>>It might also help to include other details. Are you using PHP? What
> >version? Etc.
