pg_escape_string not working
I want to use pg_escape_string in my password. Can anyone suggest how it is used in my PostgreSQL table insert?
$query = "insert into vmobjects (guid,ipaddress,username,password,hostid,vmname,guestostype) values('".$guid."','".$ip."','".$username."','".$password."','".$hostid."','".$name."','".strtolower($os)."')";
I'm using
$escaped = pg_escape_string($password);
$query = "insert into vmobjects (guid,ipaddress,username,password,hostid,vmname,guestostype) values('".$guid."','".$ip."','".$username."','".$escaped ."','".$hostid."','".$name."','".strtolower($os)."')";
but it is not working. It will not take my & and + string. For example, if I insert @#&$%&^* as a password, then after @# it shows null values. pg_escape_string is not working.
It will take '~!@#$%^*()_=-{}|][:"';<>?/.,' except the & and + string.
My backend table row inserts the & string as a null value, and after the & string all values are null. In the case of the + string, only this is null.
Please don't refer me to the site's manual.
Yes, I'm POSTing the contents of a form field via AJAX to a PHP script and using this code:
if(!http)
http = CreateObject();
nocache = Math.random();
http.open('post', 'addvm.php');
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = SaveReply;
http.send(params);
Forget about pg_escape_string and similar "workarounds".
What you want are prepared statements and bind parameters or (in case you're unwilling to jump right in) at least pg_query_params.
Just use pg_query_params() to make things very simple:
$query = "
INSERT INTO vmobjects
(guid,ipaddress,username,password,hostid,vmname,guestostype)
VALUES($1, $2, $3, $4, $5, $6, $7)"; // $1 to $7 are the placeholders
$result = pg_query_params(
$connection, // your database connection should be here
$query, // the query itself, including placeholders
array($guid,$ip,$username,$password,$hostid,$name,strtolower($os)) // array with values
);
There is no need for pg_escape_string when using pg_query_params. pg_query_params is by far the most simple approach for interaction with your database.
I am almost sure that your problem is in sending the content to the backend, not in sending it to the database. In URL data, the & and + signs are treated specially. However, unless you use an AJAX-like method you will not end up with problems. If you are using an AJAX-like method to post, use URL encoding. If you are using an AJAX library, it may contain a method for that; if not, you can use the webtoolkit version, which is a single file.
The best thing to do here would be to encode the password and then enter it into the database. This way, you won't get any escaping problems.
A way to do this would be:
$escaped = md5($password);
And when you check if the password matches, do:
if (md5($user_entered_password) == $password)...
Try this
params =
"guid=" + encodeURIComponent(szguid) +
"&username=" + encodeURIComponent(szusername) +
"&password=" + encodeURIComponent(szpassword) +
"&ip=" + encodeURIComponent(ip) +
"&name=" + encodeURIComponent(name) +
"&os=" + encodeURIComponent(os);
//alert(params);
document.body.style.cursor = 'wait';//change cursor to wait
if(!http)
http = CreateObject();
nocache = Math.random();
http.open('post', 'addvm.php');
http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http.setRequestHeader("Content-length", params.length);
http.setRequestHeader("Connection", "close");
http.onreadystatechange = SaveReply;
http.send(params);
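The truncation the question describes, reproduced as an added example (not code from any post in this thread): it builds the form body with and without encodeURIComponent and reports which fields arrive changed. The sample field values are constructed, and URLSearchParams stands in for the PHP side, an assumption that holds for the two rules shown (& separates pairs, + decodes to a space).

```javascript
// Added example. Field names follow the thread; values are constructed samples.

// Naive concatenation: values go into the body untouched.
function buildRaw(fields) {
  return Object.entries(fields)
    .map(([k, v]) => k + "=" + v)
    .join("&");
}

// Each name and value is percent-encoded before it is joined.
function buildEncoded(fields) {
  return Object.entries(fields)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Parse an application/x-www-form-urlencoded body into a plain object.
// Assumption: URLSearchParams models the receiver; like PHP it splits
// pairs on "&" and turns "+" into a space.
function parseBody(body) {
  const out = {};
  for (const [k, v] of new URLSearchParams(body)) out[k] = v;
  return out;
}

// Names of the fields whose received value differs from the value sent.
function damagedFields(fields, build) {
  const received = parseBody(build(fields));
  return Object.keys(fields).filter((k) => received[k] !== fields[k]);
}

// Constructed sample input, using the password from the question.
const sample = { username: "admin", password: "@#&$%&^*", ip: "10.0.0.5" };

console.log(buildRaw(sample));                      // body as sent without encoding
console.log(parseBody(buildRaw(sample)));           // password arrives cut at the first &
console.log(damagedFields(sample, buildRaw));       // fields altered in transit
console.log(buildEncoded(sample));                  // body with percent-encoding
console.log(damagedFields(sample, buildEncoded));   // nothing altered
```

The database layer never sees the missing characters, which is why changing the escaping on the PHP side has no effect on this symptom.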
Googling around, it looks like there is a problem with pg_escape_string() (and other pg_* functions) with PHP 5.3 (see http://bugs.php.net). I didn't yet find a definitive answer/solution (except perhaps downgrading to PHP 5.2 for a while).
Post Scriptum: In my case (I'm using Ubuntu Maverick) I found the problem was fixed after performing an upgrade of the system (sudo apt-get upgrade)