November 9th, 2009, 07:58 AM
Join Date: Oct 2009
Originally Posted by Chuck S
See love the morning and coffee.
The code is doing what it is suppose to do. See we code it as a string and and it passes through the typecast function which adds the slash because going into mysql you need that. Now we issue an ereg_replace line that removes everything except the actual number. So I dont know why you think setting it to an INT does not work the end result is we pass an integer to the database. You input $199.50
It passes through the code it is returned as 19950. That inturn is used in the query and you end up with 199.50 stored in the database since its a 2point floating field.
The problem is when you use a non interger in that line what is left after the regex is \. You cant enter a string value into a float field.
You can use a striipslash sure and the variable comes back empty thats fine. I choose this in uploadproduct.php because it lets me backwards remember why I just posted this. You will see there are no stripslash or addslash lines thrown throughout our code as there is a function which properly does this.
Content visible to verified customers only.
Thats not in the code that I downloaded:
$shipping = str_replace("$", "", $shipping); |
$shipping = ereg_replace( "[^0-9\.]", "", $shipping );
$reserve = str_replace("$", "", $reserve);
$reserve = ereg_replace( "[^0-9\.]", "", $reserve );
$category = (int)$category;
$quantity = (int)$quantity;
if ( $testname == "" || $testname == "none" || $realsize < 1 )
$forwardid = process_image( $testname, $filepath, $category, 1 );
I don't see the: $price = str_replace("\", "", $price);
$shipping = str_replace("\", "", $shipping);