I just noticed that $wpdb->prepare() put slashes in the inserted values while it shouldn't cause this! e.g.: if you insert 'test' as a value it ends up as \'test\' in its table field.
How can I reliably remove those slashes when retrieving data from DB?
It escapes some special characters before storing them on your data base. You can use function stripslashes on your data after reading, to restore it.
Related
Background:
User submits the following data firstName
I escape user's data using mysql_real_escape_string and store it in MySQL memory table (table1).
A PHP cron runs every 5 minutes then SELECTS this data into a PHP array (for replication reasons) and executes the following INSERT command to an identical table but in InnoDB format (table2):
INSERT INTO `table2` (`id`,`firstName`) VALUES ('1','aaa');
Problem:
If a user sends data with a single quote ', i.e, "John's", it is escaped WHILE saving, but not saved escaped. Meaning, it's saved with the single quote into firstName of table1.
When the above insert command takes place, the unescaped data breaks the whole insert command. How do I deal with this without manually escaping at every juncture?
I can't shift to PDO or mysqli at the moment.
You cannot avoid this without manually escaping data everytime you use it in a literal SQL query. Either use parametrized statements or escape your data.
What do you mean with your "replication reasons"? Maybe you don't need to fetch all data from your database, just so you can push it back into another table. Inserting directly from another table is much more efficient.
I have a problem when inserting data into database any word with upper comma. For example if insert haven’t it will be inserted in this format haven’t BUT if I insert haven't it will be inserted successfully. So the main problem is this comma ’ . Any help here please.
You are inserting your data in in a charset that is different from the on your database is using.
To be a bit more specific: you seem to be inserting a variable-width encoded string (e.g. UTF-8) into a fixed-width encoded db (e.g. ISO-8895 family).
I imported data from csv files into a MySQL database, but made the mistake of not
removing the trailing spaces in the csv columns. So the spaces are seen as '?' at
the end of some values in the database (of type Varchar). I want to get rid of these.
Can I somehow delete all these ?s in the database in one go? I know of the replace
command, but I think that works on a single column of a singe table at a time, which will
be very time consuming for me. Could anyone please suggest something better? Thanks!
You can use the trim function
UPDATE table SET column = TRIM(TRAILING '?' FROM column)
I have some small data with slashes in it.
I am doing a csv import with over 2000 lines. I am looping through each one and it goes fine but when I have slashes in the text the whole string wont import. I dont get any errors. The data just doesn't show up in the database.
Sample text would be "Barr/Massive"
How can I make it so mysql doesn't strip the slash.
Use bind parameters, don't insert the data directly into your SQL.
INSERT INTO table VALUES ($name)
versus
INSERT INTO table VALUES (?)
I'm assuming you're using some kind of PHP or Perl script for this. Otherwise, phpMyAdmin has a CSV import.
I have a text file to be imported in a MySQL table. The columns of the files are comma delimited. I set up an appropriate table and I used the command:
load data LOCAL INFILE 'myfile.txt' into table mytable FIELDS TERMINATED BY ‘,’;
The problem is, there are several spaces in the text file, before and after the data on each column, and it seems that the spaces are all imported in the tables (and that is not what I want). Is there a way to load the file without the empty spaces (other than processing each row of the text file before importing in MySQL)?
As far as I understand, there's no way to do this during the actual load of the data file dynamically (I've looked, as well).
It seems the best way to handle this is to either use the SET clause with the TRIM
function
("SET column2 = TRIM(column2)")
or run an update on the string columns after loading, using the TRIM() function.
You can also create a stored procedure using prepared statements to run the TRIM function on all columns in a specified table, immediately after loading it.
You would essentially pass in the table name as a variable, and the sp would use the information_schema database to determine which columns to upload.
If you can use .NET, CSVReader is a great option(http://www.codeproject.com/KB/database/CsvReader.aspx). You can read data from a CSV and specify delimiter, trimming options, etc. In your case, you could choose to trim left and right spaces from each value. You can then either save the result to a new text file and import it into the database, or loop through the CsvReader object and insert each row into the database directly. The performance of CsvReader is impressive. Hope this helps.