| Justin Patrin 2005-04-27, 8:57 pm |
| On 4/27/05, pw <p.willis@telus.net> wrote:
> Justin Patrin wrote:
=3D".$rval;[color=darkred]
).'[color=darkred]
>=20
> I tried. It doesn't work.
>=20
>=20
=3D350;[color=darkred]
>=20
> I didn't believe it either.....
> Did you follow what I did above with both PHP/Pear and
> PostgreSQL?
>=20
>=20
>=20
> ??Huh?
> Any idea what file(s) I should hack through?
> To be honest, I have enough on my own hands,
> with my own code, without having to fix Pear::DB too...<sigh!>
>=20
> O.K., I'll take a look but I can't spend a huge amount of
> time debugging this.
>=20
>=20
>=20
> It double slashed the output and still managed to UPDATE the
> field with truncated data, stopping again at the double quote.
> Pear then updates the correct record with truncated data.
>=20
> Let's keep in mind here that if there were a problem
> with the quotes, the SQL UPDATE shouldn't be able to
> happen at all. Bad SQL =3D No Data Entry/Update. It will
> fail.
>=20
> Postgres likes the query as it is laid out without
> quoteSmart. Pear::DB is just messing up the data value (string).
>=20
Well, it sounds to me like there's something horribly wrong here.
Again, I'd like the output of $db->quoteSmart($avalue)
It *should* be:
'hello this character (") is a double quote'
According to my quick look. No backslashes. If there was a single
quote in there it should get replaced with 2 single quotes: ''.
Try:
echo $avalue;
Does that have backslashes? Do you perhaps have magic_quotes_runtime on?
Try running the query with PEAR::DB with 'hello this character (") is
a double quote' as the value (no quoteSmart, no variables).
--=20
Justin Patrin
|