I've managed to make a guest book, from all
the material on the internet... but when someone
puts a ' in their message and clicks submit they
get an error...for example:
You have an error in your SQL syntax near '15:11','26/11/2002')' at line 1
when I only put an ' in the message space...
How can I make it so people can use the ' ???
Any suggestions ?? Maybe I can replace the ' with something...?
Tnx..
Can't put a ' in my guest book
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
You need to use addslashes() to escape the quotes when you put them into the database. When you then wish to redisplay the message you need to use stripslashes().
Mac
I now use the htmlspecialchars...
that should also do the trick right...
But it doesn't for me...
Code:
$bericht = htmlspecialchars($bericht);
$bericht = nl2br($bericht);
But I still get errors using ' in my message...
What can it be. ??
Greetz Frank
- twigletmac
All htmlspecialchars() does is convert characters such as < to a value that HTML will ignore - &lt;. It doesn't do anything about characters such as single quotes (although it does change double quotes to &quot;).
I wouldn't use htmlspecialchars() or nl2br() before putting data into a database - only when displaying data that has been entered from a form, or retrieved from a database. This way you don't end up with HTML linebreaks (<br />) and HTML entities such as &quot; in your stored data.
Mac
Anyone that may be working with Microsoft SQL may find it necessary to use
Code:
htmlspecialchars($data, ENT_QUOTES);
Even with addslashes the apostrophe will cause an error. In MS SQL the single quote is the end of data marker so you need to take care of it before adding it to the database.
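Added example, not part of the thread or any poster's code: the split discussed above, with the message stored exactly as typed and HTML-encoded only when it is displayed. It uses PDO bound parameters in place of addslashes(), so quoting is handled by the driver rather than by hand; the in-memory SQLite database (needs the pdo_sqlite extension), the guestbook table and the save_entry/render_entry helpers are assumptions made for the demo.

```php
<?php
// Added example, not from the thread. Assumes PHP with the pdo_sqlite
// extension; table, column and function names are made up for the demo.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT, bericht TEXT, posted TEXT)');

// Store the message exactly as typed. The values travel separately from the
// SQL text, so a ' in the message cannot end the string literal early.
function save_entry(PDO $pdo, string $name, string $bericht): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO guestbook (name, bericht, posted) VALUES (:name, :bericht, :posted)'
    );
    $stmt->execute([
        ':name'    => $name,
        ':bericht' => $bericht,
        ':posted'  => date('Y-m-d H:i'),
    ]);
    return (int) $pdo->lastInsertId();
}

// HTML-encode only at the moment the entry is written into a page.
function render_entry(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name, bericht FROM guestbook WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    $text = nl2br(htmlspecialchars($row['bericht'], ENT_QUOTES, 'UTF-8'));
    return "<p><strong>{$name}</strong><br />\n{$text}</p>";
}

// Constructed sample input: apostrophe, double quotes, markup and a line break.
$id = save_entry($pdo, 'Frank', "It's a \"nice\" site <b>!</b>\nSee you");

// What is stored: the raw text, with no slashes and no entities.
$stmt = $pdo->prepare('SELECT bericht FROM guestbook WHERE id = :id');
$stmt->execute([':id' => $id]);
var_dump($stmt->fetchColumn());

// What is sent to the browser: encoded at output time.
echo render_entry($pdo, $id), "\n";
```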