amfphp is supposed to be easy. for the most part, it is. i love that i can send arrays of arrays and not worry about anything.
i am having trouble though with some things that would be otherwise very basic just POSTing to a php script directly…
when i send a string containing a single quote ( ’ ) and try and use it in a mysql query, the query will fail. addslashes() does not work.
i noticed in the amfphp “common errors” documentation says:
AMFPHP uses $HTTP_RAW_POST_DATA as its input. This variable is not affected by magic quotes. Thus all your service arguments will act as though magic quotes was set to off. If you try to insert something with a quote in it without escaping it you will receive an error back from your sql driver. Use the database specific escaping function on your strings before running SQL, for example mysql_real_escape_string for MySQL.
so i tried running
mysql_real_escape_string( $val ) or die("problem trying to escape");
$sql = "UPDATE $tableName SET `$fieldName`='$val' WHERE `item_id`='$id' LIMIT 1";
and if $val contains a single quote, then the script dies at the escaping.
any ideas?
ever seen this before?
thanks
jaz
