
Can't put a ' in my guest book

Posted: Tue Nov 26, 2002 8:11 am
by Vinzie
I've managed to make a guest book from all
the material on the internet... but when someone
puts a ' in their message and clicks submit they
get an error... for example:

You have an error in your SQL syntax near '15:11','26/11/2002')' at line 1

when I only put a ' in the message space...

How can I make it so people can use the '?
Any suggestions? Maybe I can replace the ' with something...?

Tnx..

Posted: Tue Nov 26, 2002 8:17 am
by twigletmac
You need to use addslashes() to escape the quotes when you put them into the database. When you then wish to redisplay the message you need to use stripslashes().

Mac
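The failure Vinzie describes, and the fix a practitioner would reach for today, as an added example in PHP that is not code from this thread. It uses PDO with an in-memory SQLite database so it runs offline (the pdo_sqlite extension is assumed to be available); the table layout (message, time and date columns) is assumed from the error message in the first post, and the variable names $tijd and $datum are the example's own. addslashes() is not shown because SQLite, unlike MySQL, does not accept backslash escapes in string literals.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension.
// The table layout is assumed from the error message in the first post.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (message TEXT, time TEXT, date TEXT)');

// Constructed guest-book entry containing an apostrophe and a line break.
$bericht = "Can't wait to see the rest of the site\nGreetz";
$tijd    = '15:11';
$datum   = '26/11/2002';

// 1. The way most tutorials of the time built the query: the visitor's text is
//    pasted straight into the SQL string, so the ' in "Can't" ends the literal
//    early and everything after it is parsed as SQL.
$sql = "INSERT INTO guestbook (message, time, date) VALUES ('$bericht','$tijd','$datum')";
try {
    $db->exec($sql);
    echo "unexpected: broken query succeeded\n";
} catch (PDOException $e) {
    // SQLite reports a syntax error, just as MySQL did in the first post.
    echo "broken query failed as expected: " . $e->getMessage() . "\n";
}

// 2. A prepared statement: the SQL text and the data travel separately, so no
//    character in the message can change the shape of the query.
$stmt = $db->prepare('INSERT INTO guestbook (message, time, date) VALUES (?, ?, ?)');
$stmt->execute([$bericht, $tijd, $datum]);

// 3. The apostrophe is stored exactly as typed; escaping for the browser is done
//    only when the message is displayed, never before it is stored.
$row = $db->query('SELECT message, time, date FROM guestbook')->fetch(PDO::FETCH_ASSOC);
if ($row['message'] !== $bericht) {
    echo "stored message differs from what was submitted\n";
}
echo nl2br(htmlspecialchars($row['message'], ENT_QUOTES)), "\n";
```

Run it with `php guestbook.php`. The first INSERT fails with a "near ... syntax error" message; the prepared statement stores the message unchanged, and the final line prints it with the apostrophe encoded as an HTML entity and the newline turned into a `<br />`.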

Posted: Tue Nov 26, 2002 9:00 am
by Vinzie
I now use htmlspecialchars...
that should also do the trick, right...

But it doesn't for me...

$bericht = htmlspecialchars($bericht);  // converts &, <, > and " to HTML entities; ' is left alone without ENT_QUOTES
$bericht = nl2br($bericht);             // inserts <br /> before each newline

But I still get errors using ' in my message...

What can it be. ??

Greetz Frank

Posted: Tue Nov 26, 2002 9:05 am
by Vinzie
I added the line

$bericht = addslashes($bericht);  // backslash-escapes ', ", \ and NUL (MySQL-style escaping)

And now it's working...

Tnx...

Posted: Tue Nov 26, 2002 9:07 am
by twigletmac
All htmlspecialchars() does is convert characters such as < to a value that HTML will ignore - &lt;. It doesn't do anything about characters such as single quotes (although it does change double quotes to &quot;).

I wouldn't use htmlspecialchars() or nl2br() before putting data into a database - only when displaying data that has been entered from a form, or retrieved from a database. This way you don't end up with HTML linebreaks (<br />) and HTML entities such as &quot; in your stored data.

Mac

Posted: Tue Nov 26, 2002 5:45 pm
by riley
Anyone who may be working with Microsoft SQL may find it necessary to use

htmlspecialchars($data, ENT_QUOTES);  // ENT_QUOTES also converts ' to an HTML entity

Even with addslashes, the apostrophe will cause an error. In MS SQL the single quote is the end-of-data marker, so you need to take care of it before adding it to the database.
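Why addslashes() is not enough outside MySQL, and what ENT_QUOTES actually stores, as an added example in PHP that is not code from this thread. It runs against an in-memory SQLite database (pdo_sqlite assumed available) because SQLite, like MS SQL Server, follows the SQL standard for string literals: a quote inside a literal is written as two quotes, and a backslash is an ordinary character. The helper names sql_literal() and try_insert() are the example's own, not PHP built-ins, and the message is constructed.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension.
// SQLite stands in for MS SQL Server here: both treat '' as the escape for a
// quote inside a literal and neither treats backslash as an escape character.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (message TEXT)');

// Standard SQL quoting of a string literal: double every single quote.
// Hypothetical helper, not a PHP built-in.
function sql_literal(string $s): string
{
    return "'" . str_replace("'", "''", $s) . "'";
}

// Runs an INSERT with an already-quoted literal and reports the outcome.
function try_insert(PDO $db, string $label, string $literal): string
{
    try {
        $db->exec("INSERT INTO guestbook (message) VALUES ($literal)");
        return "$label: ok\n";
    } catch (PDOException $e) {
        return "$label: " . $e->getMessage() . "\n";
    }
}

$bericht = "Can't wait";   // constructed message containing an apostrophe

// addslashes() turns ' into \' -- what MySQL expects, a syntax error here,
// which is the behaviour riley describes for MS SQL.
echo try_insert($db, 'addslashes', "'" . addslashes($bericht) . "'");

// Doubling the quote is the portable escape and succeeds.
echo try_insert($db, 'doubled quote', sql_literal($bericht));

// htmlspecialchars() with ENT_QUOTES avoids the error only because the
// apostrophe never reaches SQL: what gets stored is an HTML entity, not the
// character the visitor typed, so the stored text is no longer the message.
echo try_insert($db, 'ENT_QUOTES', "'" . htmlspecialchars($bericht, ENT_QUOTES) . "'");

// Show what each successful INSERT actually put in the table.
foreach ($db->query('SELECT message FROM guestbook') as $row) {
    echo var_export($row['message'], true), "\n";
}
```

The first INSERT fails, the second stores `Can't wait`, and the third stores `Can&#039;t wait`. A prepared statement with bound parameters sidesteps the dialect differences entirely, since the driver never has to build a quoted literal at all.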