
Strings and apostrophes

Posted: Tue Jul 26, 2005 2:03 pm
by spacebiscuit
Hi,

I am reading a string into a variable via an HTML form. I have noticed that if my string includes an apostrophe, a slash is added in front of it....

ie if the user inputs:

This is Rob's test page

The output is:

This is Rob\'s test page

The problem is that I am writing the data into a Topspeed Clarion database and the slashes cause an error when I try and write.

Is there a way around this problem or does anyone know how to deal with strings that include apostrophes?

Many thanks in advance.

Rob Burne.

Posted: Tue Jul 26, 2005 2:05 pm
by hawleyjr
Check out stripslashes() and get_magic_quotes_gpc()

Posted: Wed Jul 27, 2005 8:02 am
by spacebiscuit
Hi,

stripslashes() does exactly what it says on the tin, however the problem is that when I then try and insert the data into my database the apostrophe is read at the end of the data and not as an apostrophe within the opening and closing apostrophes.

For example:

Code:

$query =  "INSERT INTO TABLE (x, y, z) 
           VALUES ('$x', '$y', '$z')";

If any of the variables is a string containing an apostrophe it causes a problem, thinking that is the end of the string.

Any ideas guys?

Many thanks,

Rob Burne.

Posted: Wed Jul 27, 2005 8:33 am
by nielsene
Typically you'll addslashes() the data before sticking it into the database and stripslashes() when you bring it out before display. "magic_quotes" will do some of that for you automatically.

Posted: Wed Jul 27, 2005 8:39 am
by timvw
For most dbms there is a dbms_(real)_escape_string function...

I would suggest you use prepared statements.. As they handle all the escaping for you.. If your dbms doesn't support that, consider http://adodb.sf.net as it can emulate them..

Posted: Wed Jul 27, 2005 9:43 am
by spacebiscuit
Prepared statements, any suggestions?

Thanks,

Rob.

Posted: Wed Jul 27, 2005 2:40 pm
by timvw
For example, with adodb:

Code:

$db->Execute('INSERT INTO table (a, b, c) VALUES (?, ? , ?)', array($a, $b, $c));
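
The difference between the string-built query and the prepared statement discussed in this thread, as an added example that is not from any poster: it uses PDO rather than adodb, and the `pages` table, the helper names and the sample inputs are constructed, with in-memory SQLite standing in for the real database.

```php
<?php
// Added example, not code from the thread. Table, columns and sample inputs
// are constructed; in-memory SQLite (pdo_sqlite) stands in for the real database.

// Undo magic_quotes_gpc backslashes if that legacy setting is active.
// The feature was removed in PHP 5.4 and the function in PHP 8.0.
function raw_input_value(string $value): string
{
    $magic = function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc();
    return $magic ? stripslashes($value) : $value;
}

// The thread's query style: values pasted between quotes in the SQL text.
function insert_interpolated(PDO $db, array $v): bool
{
    try {
        $db->exec("INSERT INTO pages (x, y, z) VALUES ('$v[0]', '$v[1]', '$v[2]')");
        return true;
    } catch (PDOException $e) {
        return false; // an apostrophe in the data ended the literal early
    }
}

// Prepared statement: the values travel separately from the SQL text,
// so no addslashes()/stripslashes() round trip is needed.
function insert_prepared(PDO $db, array $v): array
{
    $stmt = $db->prepare('INSERT INTO pages (x, y, z) VALUES (?, ?, ?)');
    $stmt->execute(array_values(array_map('raw_input_value', $v)));
    $read = $db->prepare('SELECT x, y, z FROM pages WHERE id = ?');
    $read->execute([(int) $db->lastInsertId()]);
    return $read->fetch(PDO::FETCH_NUM);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, x TEXT, y TEXT, z TEXT)');

// Constructed inputs: an apostrophe, double quotes and a backslash.
$inputs = ["This is Rob's test page", 'say "hi"', 'back\\slash'];

var_dump(insert_interpolated($db, $inputs));         // string-built query
var_dump(insert_prepared($db, $inputs) === $inputs); // stored values vs. inputs
```

Whether the target database has a PDO driver is an assumption; where it does not, the same placeholder pattern applies through a layer that emulates prepared statements.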