Using " and ' in a post form errors my database entry

robster
Forum Contributor
Posts: 360
Joined: Wed Jul 16, 2003 8:28 am
Location: Sunshine Coast, Australia


Post by robster »

I'm not 100% sure if this is a PHP thing, an HTML thing or a MySQL thing so I'll try here anyway. Feel free to move this if it belongs in another category.


I have a bunch of forms. They collect information from page to page, then, at the end, they place all the info into the database.

Everything works perfectly until a user puts an apostrophe or inverted commas (' or ") into their text fields. IE:


Hello everyone, here's a pic of my "cat woofy".
If it just has one or the other it still fails so it's not anything to do with using both in the text field.


Does anyone know what this could be? Why I can't use them. Really, if it is like this then people will not know, even if they are told they will forget and I'm going to end up with a lot of errors and the automation I am craving will be lost.


Any help would be very much appreciated.

Thanks again :)

Rob
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden

Post by JAM »

Depending on how your script is dealing with the string, one of the following functions might be of use:
mysql_escape_string, mysql_real_escape_string, addslashes, stripslashes (just to name a few).

http://php.net/manual/en/ref.info.php#i ... quotes-gpc
Might also be of interest, as it's also a setting you can tweak in the PHP settings.

http://php.net/manual/en/function.get-m ... es-gpc.php shows some good examples of usage between things.

Hope this helped.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

Well, quotes are used to delineate variables, so if an entry has quotes, MySQL will be expecting a variable. I always call addcslashes() to escape both the single and double quotes. That way the user is free to type in what they want.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
robster
Forum Contributor
Posts: 360
Joined: Wed Jul 16, 2003 8:28 am
Location: Sunshine Coast, Australia

Post by robster »

Thanks so much for your help, it turned out this is what saved the day in the end:

http://uk.php.net/htmlspecialchars

thanks again :)

Rob
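
Editor's added example, not code from any poster in this thread: assuming the form values were concatenated into the INSERT statement, a quote in the text ends the SQL string literal early and the query fails. The script below shows that failing pattern next to a bound-parameter insert, with HTML encoding applied only at output. It uses PDO with an in-memory SQLite database as a stand-in for MySQL; the `posts` table and `body` column are hypothetical.

```php
<?php
// Added example. Table and column names are hypothetical; an in-memory
// SQLite database stands in for MySQL so the script runs offline
// (requires the pdo_sqlite extension).
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// First value is the text from the question; the second is constructed.
$inputs = [
    'Hello everyone, here\'s a pic of my "cat woofy".',
    "O'Brien said \"it's fine\" <b>twice</b>",
];

// Failing pattern: user text pasted into the SQL text. The apostrophe in
// "here's" closes the string literal, so the rest is parsed as SQL.
$broken = "INSERT INTO posts (body) VALUES ('" . $inputs[0] . "')";
try {
    $pdo->exec($broken);
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Bound parameter: the value travels separately from the SQL text, so
// quotes are plain data and need no escaping or stripping.
$insert = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
foreach ($inputs as $text) {
    $insert->execute([':body' => $text]);
}

// The database holds the text exactly as typed. HTML encoding is a
// separate step for the moment the value is written into a page;
// ENT_QUOTES is passed explicitly so both ' and " are encoded.
foreach ($pdo->query('SELECT body FROM posts ORDER BY id') as $row) {
    echo "stored: ", $row['body'], "\n";
    echo "html:   ", htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With MySQL the same `prepare`/`execute` calls apply once the DSN is changed to a `mysql:` one. The `mysql_*` functions named earlier in the thread were removed in PHP 7.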