safe_rows question

tye · 2012-06-07 07:15:39

OK – so I have the following mysql querie but it is failing

$query = safe_rows('name, title', 'txp_category', 'type like "image" AND name!="root" AND name!="peaches-and-cream"');

It is failing due to the name with hypens, if I remove it, it works fine, if I add another category name without hyphens, it works fine.

Am I doing something wrong here?

etc · 2012-06-07 08:38:04

You should probably escape the query (“peaches\-and\-cream”) with doSlash().

tye · 2012-06-07 09:53:33

Thanks etc – that worked perfectly :)

I couldn’t find any info on doSlash(), but tried addslashes() and that worked :)

Gocom · 2012-06-07 11:20:35

tye wrote:

I couldn’t find any info on doSlash(), but tried addslashes() and that worked :)

As Nathan Drake would say No no no no no. doSlash() is Textpattern’s core function and is used to escape quoted values used in SQL statements. You really should use it instead of addslashes(), which is not exactly the correct tool (or safe either).

Last edited by Gocom (2012-06-07 11:26:08)

tye · 2012-06-07 11:31:06

whoops…. hides :)

Thanks Jukka – I’ll check it tomorrow :)

Textpattern CMS

Textpattern CMS support forum

#1 2012-06-07 07:15:39

safe_rows question

#2 2012-06-07 08:38:04

Re: safe_rows question

#3 2012-06-07 09:53:33

Re: safe_rows question

#4 2012-06-07 11:20:35

Re: safe_rows question

#5 2012-06-07 11:31:06

Re: safe_rows question

Board footer