Using " and ' in a post form errors my database entry

Posted: Tue Apr 13, 2004 2:23 am
by robster
I'm not 100% sure if this is a PHP thing, a HTML thing or a MySQL thing so I'll try here anyway. Feel free to move this if it belongs in another category.


I have a bunch of forms; they collect information from page to page, then, at the end, they place all the info into the database.

Everything works perfectly until a user puts an apostrophe or inverted commas (' or ") into their text fields. IE:

Hello everyone, here's a pic of my "cat woofy".
If it just has one or the other it still fails so it's not anything to do with using both in the text field.


Does anyone know what this could be? Why can't I use them? Really, if it is like this then people will not know; even if they are told they will forget, and I'm going to end up with a lot of errors and the automation I am craving will be lost.


Any help would be very much appreciated.

Thanks again :)

Rob

Posted: Tue Apr 13, 2004 6:28 am
by JAM
Depending on how your script is dealing with the string, one of the following functions might be of use:
mysql_escape_string, mysql_real_escape_string, addslashes, stripslashes (just to name a few).

http://php.net/manual/en/ref.info.php#i ... quotes-gpc
Might also be of interest, as it's also a setting you can tweak in the php settings.

http://php.net/manual/en/function.get-m ... es-gpc.php shows some good examples of usage between things.

Hope this helped.

Posted: Tue Apr 13, 2004 9:45 am
by pickle
Well, quotes are used to delineate variables, so if an entry has quotes, MySQL will be expecting a variable. I always call addcslashes() to escape both the single and double quotes. That way the user is free to type in what they want.

Posted: Sun Apr 18, 2004 11:02 am
by robster
Thanks so much for your help, it turned out this is what saved the day in the end:

http://uk.php.net/htmlspecialchars

thanks again :)

Rob
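
An added example, not code from any poster in this thread: it runs the sample text from the first post through a concatenated INSERT and through a prepared statement, then HTML-encodes the stored value on output. It assumes PDO with an in-memory SQLite database standing in for MySQL; the table and column names (posts, body) are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database.
// Table and column names (posts, body) are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT NOT NULL)');

// The sample text from the first post, as it would arrive from the form.
$body = 'Hello everyone, here\'s a pic of my "cat woofy".';

// 1. Statement built by concatenation: the apostrophe in "here's" ends the
//    SQL string literal early, so the database rejects the statement.
function insertConcatenated(PDO $pdo, string $body): bool
{
    try {
        $pdo->exec("INSERT INTO posts (body) VALUES ('" . $body . "')");
        return true;
    } catch (PDOException $e) {
        return false; // syntax error raised by the database
    }
}

// 2. Prepared statement: the text travels as a bound parameter, never as
//    part of the SQL, so both quote characters are stored unchanged.
function insertPrepared(PDO $pdo, string $body): int
{
    $stmt = $pdo->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (int) $pdo->lastInsertId();
}

// 3. HTML encoding is applied when the stored text is written into a page.
function renderPost(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $stored = (string) $stmt->fetchColumn();
    return '<p>' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8') . '</p>';
}

var_dump(insertConcatenated($pdo, $body)); // the failing path
$id = insertPrepared($pdo, $body);         // the working path
echo renderPost($pdo, $id), PHP_EOL;       // encoded for HTML output
```

With a bound parameter the quotes never reach the SQL parser, so the same form input that broke the concatenated statement is stored as typed.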