Hi,
I am reading a string into a variable via a html form. I have noticed that if my string includes an apostrophe a slash is added in front of it....
ie if the user inputs:
This is Rob's test page
The output is:
This is Rob\'s test page
The problem is that I am writing the data into a Topspeed Clarion database and the slashes causes an error when I try and write.
Is there a way around this problem or does anyone know how to deal with strings that in clude apostrophes.
Many thanks in advance.
Rob Burne.
Strings and apostrophes
Moderator: General Moderators
-
spacebiscuit
- Forum Contributor
- Posts: 390
- Joined: Mon Mar 07, 2005 3:20 pm
-
spacebiscuit
- Forum Contributor
- Posts: 390
- Joined: Mon Mar 07, 2005 3:20 pm
HI,
stripslashes() does exactly what it says on the tin, however the problem is tat when I then try and insert the data into my database the apostrophes is read at the end of the data and not as an apostrophes within the opening and closing apostrophes.
For example:
If any of the variables is a string containing an apostrophes is causes a problem thinking that is the end of string.
Any ideas guys?
Many thanks,
Rob Burne.
stripslashes() does exactly what it says on the tin, however the problem is tat when I then try and insert the data into my database the apostrophes is read at the end of the data and not as an apostrophes within the opening and closing apostrophes.
For example:
Code: Select all
$query = "INSERT INTO TABLE (x, y, z)
VALUES ('$x', '$y', '$z')";Any ideas guys?
Many thanks,
Rob Burne.
For most dbms there is a dbms_(real)_escape_string function...
I would suggest you use prepared statements.. As they handle all the escaping for you.. If you dbms doesn't support that, consider http://adodb.sf.net as it can emulate them..
I would suggest you use prepared statements.. As they handle all the escaping for you.. If you dbms doesn't support that, consider http://adodb.sf.net as it can emulate them..
-
spacebiscuit
- Forum Contributor
- Posts: 390
- Joined: Mon Mar 07, 2005 3:20 pm
for example with adodb
Code: Select all
$db->Execute('INSERT INTO table (a, b, c) VALUES (?, ? , ?)', array($a, $b, $c));