GoFuckYourself.com - Adult Webmaster Forum - Quick PHP / Mysql question

- Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)

- - Quick PHP / Mysql question (https://gfy.com/showthread.php?t=943793)

Quick PHP / Mysql question

I am trying to insert the $array[14] result into my mysql database but it is just inserting $array[14] in plain text instead of the variable.

Code:

<?php

include 'dbconnect.php';



$query  = "SELECT * FROM messages WHERE id=43";

$result = mysql_query($query);





while($row = mysql_fetch_array($result))

  {

  $str = $row['message'];

  }





$arrays = (explode(",\"",$str)); //seperates anything with ,"

$arrays = (explode("\"",$str)); //reseperates anything with "





echo $arrays[14]; //prints result 14





mysql_select_db($mysql);

$query = 'INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, \'apples\', \'peanuts\', \'$arrays[14]\', \'\', \'\', \'\', \'\');';



mysql_query($query) or die('Error, insert query failed');



$query = "FLUSH PRIVILEGES";

mysql_query($query) or die('Error, insert query failed');



?>

I tried
uts\', \'"$arrays[14]"\', \'
uts\', \'echo $arrays[14]\', \'
uts\', \'".$arrays[14]."', \'

and a few other variations but it just gave a http 500 error or inserted it in plain text.

Incase your wondering about the weird insert command and all the unnecessary back slashes, I got the code from inserting manually into the mysql database and hitting create php code since nothing else was really working.

try this

Code:

$query = 'INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, \'apples\', \'peanuts\', \'".$arrays[14]."\', \'\', \'\', \'\', \'\');';

You have to enclose an array in curly brackets.

\'{$array[14]}\'

You should also use double quotes around the query, then you won't have to escape every single quote in the line.

hmm both suggestions just insert the plain text into the to_num field

".$arrays[14]."
and
{$arrays[14]}

I tried doing it with double quotes before but it kept screwing up so I am just copying it from the create php code option in phpmyadmin.

http://img33.imageshack.us/img33/4757/sqlhelp.jpg

boo ya ka cha

Code:

mysql_select_db($mysql);

$query = "INSERT INTO `sms`.`redirects` (`id`, `msg`, `from_num`, `to_num`, `from_country`, `to_country`, `status2`, `time_created`) VALUES (NULL, 'apples', 'peanuts', '".$arrays[14]."', 'pizza', '', '', '')";

single and double quotes.... you're getting all mixed up and confused...

run this script and see for yourself where your problem lies....

Code:

<?php



$array[5] = 'single quote';

$array[6] = 'double quote';



echo 'This is an echo from within a {$array[5]} <br>';

echo "This is an echo from within a {$array[6]} <br>";



?>

Yes single quotes means literal so if you have '.$string.' the out put will be .$string. With double quotes ".$string." the output would be whatever $string = to

Quote:

Originally Posted by borked (Post 16653054)

single and double quotes.... you're getting all mixed up and confused...

run this script and see for yourself where your problem lies....

Code:

<?php



$array[5] = 'single quote';

$array[6] = 'double quote';



echo 'This is an echo from within a {$array[5]} <br>';

echo "This is an echo from within a {$array[6]} <br>";



?>

Agreed. This is the best way from my neighbour.:thumbsup

Quote:

Originally Posted by Bird (Post 16653063)

Yes single quotes means literal so if you have '.$string.' the out put will be .$string. With double quotes ".$string." the output would be whatever $string = to

:thumbsup:thumbsup:thumbsup

Everyone who has replied to this thread writes code vulnerable to SQL injections - never hire anyone from this thread.