single quote error!

Posted: Mon May 02, 2011 7:20 pm
by cap2cap10
Greetings again, PHP Technorati! Ok, this is a common noob problem. I am trying to add responses to a database, but my script causes a MySQL error when someone tries to upload data with an apostrophe. MySQL reads it as an extra quote that ends the query! How do I allow single quotes/apostrophes to be added to the database? Here is the code:

Code:

for ($i = 1; $i <= 15; $i++) {
    $response = filter_input(INPUT_POST, 'resp_' . $i, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    if (!empty($response)) {
        mysql_query("UPDATE prelim_db SET resp_$i = '$response' WHERE candidateID = '$candidateID'") or die('Query failed: ' . mysql_error());
    }
}

I searched for it on the web and there is some mention of mysql real escape string! Please enlighten me as to how to solve this problem! :banghead:

Thanks in advance,

Batoe

Re: single quote error!

Posted: Tue May 03, 2011 8:36 am
by oscardog

Code:

$response = mysql_real_escape_string($_POST['resp_' . $i]);
Can't say I've ever used input filters so I have no idea if it's safe to use both.

Re: single quote error!

Posted: Tue May 03, 2011 11:23 am
by social_experiment

Code:

<?php
for ($i = 1; $i <= 15; $i++) {
    $word = 'resp_';
    $value = $word.$i;
    $response = filter_input(INPUT_POST, $value, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    if (!empty($response)) {
        mysql_query("UPDATE prelim_db SET $value = '" . mysql_real_escape_string($response) . "' 
WHERE candidateID = '". mysql_real_escape_string($candidateID) . "' ") or die('Query failed: ' . mysql_error());
    }
}
?>
What happens if you use the code above?

Re: single quote error!

Posted: Tue May 03, 2011 2:05 pm
by cap2cap10
Excellent! Mysql real escape string did do the trick! Thanks again, guys!

Batoe
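
Added example (not part of the original thread): the same update loop written with PDO prepared statements, so an apostrophe in a response is sent as data and never becomes part of the SQL text; the mysql_* functions used above were removed in PHP 7. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the table is a constructed three-column version of prelim_db, and save_responses() is a hypothetical helper name.

```php
<?php
// Added example: constructed schema and data. SQLite in memory stands in for
// MySQL; with a MySQL DSN the prepare()/execute() calls are the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed table modeled on the thread's prelim_db (3 columns instead of 15).
$pdo->exec("CREATE TABLE prelim_db (candidateID TEXT PRIMARY KEY,
            resp_1 TEXT, resp_2 TEXT, resp_3 TEXT)");
$pdo->exec("INSERT INTO prelim_db (candidateID) VALUES ('c-001')");

// Hypothetical helper: stores each non-empty response, returns rows updated.
function save_responses(PDO $pdo, string $candidateID, array $post, int $count): int
{
    $updated = 0;
    for ($i = 1; $i <= $count; $i++) {
        // Identifiers cannot be bound as parameters, so the column name is
        // built only from the integer loop counter, never from user input.
        $column = 'resp_' . $i;
        $response = $post[$column] ?? '';
        if (!is_string($response) || $response === '') {
            continue;
        }
        // Values travel separately from the SQL text; no escaping is needed.
        $stmt = $pdo->prepare(
            "UPDATE prelim_db SET $column = :resp WHERE candidateID = :id"
        );
        $stmt->execute([':resp' => $response, ':id' => $candidateID]);
        $updated += $stmt->rowCount();
    }
    return $updated;
}

// Constructed form input containing apostrophes and a double quote.
$post = [
    'resp_1' => "I can't wait to start",
    'resp_2' => "It's 5 o'clock, she said \"go\"",
];
$count = save_responses($pdo, 'c-001', $post, 3);
$row = $pdo->query("SELECT resp_1, resp_2, resp_3 FROM prelim_db")
           ->fetch(PDO::FETCH_ASSOC);

// The stored text must match the submitted text byte for byte.
var_dump($count, $row['resp_1'] === $post['resp_1'],
         $row['resp_2'] === $post['resp_2'], $row['resp_3']);
```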