1 Reply Latest reply on Sep 8, 2009 9:33 PM by drillnaut

    mysql_real_escape_string causing problems with xml data in Flex

    new2oop Level 1

      I realise this is more of a mysql/php question but I can't get a useful response (that i can understand and use) from the php forums.

       

      I'm trying to use:

       

      mysql_real_escape_string()

       

      to sanitize my data before saving it to the database. However if I use that command on my xml string (Flex converts the xml to a string then I save it in the database as a string) as in the following code:

       

      <?php
      $conn = mysql_connect("mysqldb","myusername","mypassword");
      mysql_select_db("mysqldb");
          $username = mysql_real_escape_string($_POST['username']);
          $password = mysql_real_escape_string($_POST['password']);
          $configxml = mysql_real_escape_string($_POST['configxml']);
              if($username && $password)    {
                  $query = "UPDATE users SET config='$configxml' WHERE username='$username' AND password='$password'";
                  $result = mysql_query($query);
              } else {
                  //$userData="response=ged in";
                      //print $userData;
              }

       

      ?>

       

      it adds lots of slashes to the xml string and when I use the following code to load the xml string back into Flex, it doesn't work (because it contains all the slashes).

       

       

      <?php
      $conn = mysql_connect("mysqldb","myusername","mypassword");
      mysql_select_db("mysqldb");
          $username = mysql_real_escape_string($_POST['username']);
          $password = mysql_real_escape_string($_POST['password']);
              if($username && $password)    {
                  $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
                  if(mysql_num_rows($result) > 0) {
                      while($row = mysql_fetch_array($result))
                      {
                      $userData="<data>".$row['config'].$row['games']."</data>";
                      }
                      print $userData;
                  } else {
                      $userData="response=Login Failed";
                      print $userData;
                  }
              } else {
                  $userData="response=ged in";
                      print $userData;
              }

       

      ?>

       

      How do I strip out the slashes before loading the xml string back into Flex?