Can't put a ' in my guest book

Vinzie
Forum Newbie
Posts: 3
Joined: Tue Nov 26, 2002 8:11 am

Can't put a ' in my guest book

Post by Vinzie »

I've managed to make a guest book from all
the material on the internet... but when someone
puts a ' in their message and clicks submit they
get an error... for example:

You have an error in your SQL syntax near '15:11','26/11/2002')' at line 1

when I only put a ' in the message space...

How can I make it so people can use the ' ???
Any suggestions ?? Maybe I can replace the ' with something...?

Tnx..
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You need to use addslashes() to escape the quotes when you put them into the database. When you then wish to redisplay the message you need to use stripslashes().

Mac
Vinzie
Forum Newbie
Posts: 3
Joined: Tue Nov 26, 2002 8:11 am

Post by Vinzie »

I now use htmlspecialchars()...
that should also do the trick, right...

But it doesn't for me...

Code:

$bericht = htmlspecialchars($bericht);
$bericht = nl2br($bericht);

But I still get errors using ' in my message...

What can it be??

Greetz Frank
Vinzie
Forum Newbie
Posts: 3
Joined: Tue Nov 26, 2002 8:11 am

Post by Vinzie »

I added the line

Code:

$bericht = addslashes($bericht);

And now it's working...

Tnx...
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

All htmlspecialchars() does is convert characters such as < to a value that HTML will ignore - &lt;. It doesn't do anything about characters such as single quotes (although it does change double quotes to &quot;).

I wouldn't use htmlspecialchars() or nl2br() before putting data into a database - only when displaying data that has been entered from a form, or retrieved from a database. This way you don't end up with HTML linebreaks (<br />) and HTML entities such as &quot; in your stored data.

Mac
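
The separation described in the post above (database handling when storing, HTML escaping only when displaying), as an added example that is not part of the original thread. It uses PDO bound parameters in place of addslashes() and assumes the pdo_sqlite extension so it runs without a database server; the `guestbook` table and the sample message are constructed for illustration.

```php
<?php
// Added example: table name, column names and the sample message are constructed.
// Assumes the pdo_sqlite extension (in-memory database, nothing touches disk).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, bericht TEXT, posted TEXT)');

// Constructed visitor input: an apostrophe, markup, a line break, double quotes.
$bericht = "It's a <b>great</b> site\nSee you \"soon\"";

// 1) Building the query by string concatenation: the apostrophe closes the
//    SQL string literal early, which is the syntax error from the first post.
try {
    $db->exec("INSERT INTO guestbook (bericht, posted) VALUES ('$bericht', '26/11/2002')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Bound parameters: the value is sent separately from the SQL text, so the
//    quote never reaches the SQL parser and the message is stored unmodified
//    (no slashes, no HTML entities, no <br /> tags in the stored data).
$stmt = $db->prepare('INSERT INTO guestbook (bericht, posted) VALUES (?, ?)');
$stmt->execute([$bericht, '26/11/2002']);

// 3) Read the row back and check that the stored text equals the raw input.
$row = $db->query('SELECT bericht FROM guestbook')->fetch(PDO::FETCH_ASSOC);
var_dump($row['bericht'] === $bericht);

// 4) HTML escaping and line-break conversion happen only at display time.
//    ENT_QUOTES also converts the single quote, which matters when the value
//    is placed inside an HTML attribute.
echo nl2br(htmlspecialchars($row['bericht'], ENT_QUOTES, 'UTF-8')), "\n";
```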
riley
Forum Commoner
Posts: 45
Joined: Thu May 02, 2002 6:31 pm

Post by riley »

Anyone that may be working with Microsoft SQL may find it necessary to use

Code:

htmlspecialchars($data, ENT_QUOTES);

Even with addslashes() the apostrophe will cause an error. In MS SQL the single quote is the end of data marker so you need to take care of it before adding it to the database.