What do I need to do in order to insert a value into the database that has an apostrophe.
$name = "Apostrophe's";
Insert into tablename (name)VALUES('$name')
I get an error.
insert data that has apostrophe
Moderator: General Moderators
insert data that has apostrophe
Last edited by fitchic77 on Sat Oct 16, 2010 11:41 am, edited 1 time in total.
Code: Select all
Insert into tablename (name)VALUES($name)- MarK (CZ)
- Forum Contributor
- Posts: 239
- Joined: Tue Apr 13, 2004 12:51 am
- Location: Prague (CZ) / Vienna (A)
- Contact:
Code: Select all
mysql_real_escape_string();$address2 = addslashes($_POST['address2']); //store in database - works great
$address2A = stripslashes($_POST['address2']); //display to user
Problem I'm having is now the stripslashes isn't stripping the slash. It is still showing up as name\'s.
Any ideas?
$address2A = stripslashes($_POST['address2']); //display to user
Problem I'm having is now the stripslashes isn't stripping the slash. It is still showing up as name\'s.
Any ideas?
Last edited by fitchic77 on Sat Oct 16, 2010 11:40 am, edited 1 time in total.
there is really no reason to use addslashes anywhere in your application (at least I don't know of such case....and certainly not for escaping data for use in DB query).fitchic77 wrote:$address2 = addslashes($_POST['address2']); //store in database - works great
$address2A = stripslashes($_POST['address2']); //display to user
Problem I'm having is now the stripslashes isn't stripping the slash. It is still showing up as fitchic77\'s.
Any ideas?
The only realiable way to escape data for usage in DB query is using mysql_real_escape_string() and prepared statements.
stripslashes() you realy only need to use once
and this is to escape prepare properly data if you have no control over the server and magic_quotes are on.
Code: Select all
//so as first thing in the scrip you would have.
if (get_magic_quotes_gpc()) {
$in = array(&$_GET, &$_POST, &$_COOKIE);
while (list($k,$v) = each($in)) {
foreach ($v as $key => $val) {
if (!is_array($val)) {
$in[$k][$key] = stripslashes($val);
continue;
}
$in[] =& $in[$k][$key];
}
}
unset($in);
}