apostrophe database problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
speedamp
Forum Commoner
Posts: 45
Joined: Tue Apr 29, 2003 3:59 pm

apostrophe database problem

Post by speedamp »

hello,

my question is about returning values with special characters from the database. Apostrophe's have caused me the most problems.

When a use enters "O'Reilly" as a last name, it is returned FROM the database as "O\\\\\\\\\Reilly"

Should I use the stripslashes command, or should i strip the special characters when the user enters them into the database?

How could i just remove them all from the form before entering the db?

-Michael
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Looks like your server is using magic quotes which are evil.
Basically magic_quotes is auto adding quotes for you. So either disable magic_quotes and use addslashes/stripslashes.
If you don't have access to the php.ini (a shared host) then you can put php_value magic_quotes_gpc 0 in a .htaccess file to turn them off.
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

And if you don't have access to .htaccess files (i.e. your host uses Windows servers) you can do it from within PHP itself at the start of your scripts:

Code: Select all

set_magic_quotes_runtime(0);
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

It's usually best to add the slashes before you put it in the DB, and after you take it out, I use
[php_man]mysql_escape_string[/php_man] and [php_man]stripslashes[/php_man] personally.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
launchcode
Forum Contributor
Posts: 401
Joined: Tue May 11, 2004 7:32 pm
Location: UK
Contact:

Post by launchcode »

Yeah, escape_string is a better way to do it - although to be honest it does the exact same thing as addslashes, that's only at the moment and could be open to change (although unlikely!). Pickle - if you don't add slashes before you add to the DB, when else could you do it?! :) any other time is a bit late, surely? :)
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Post by pickle »

I've noticed on occasion ( and it may be just me ), that if I don't manually add slashes, they are added anyway, but in ways that can't be predicted. When I add them myself, I don't have that problem. Again, it may just be my coding.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
Post Reply