insert data that has apostrophe

fitchic77
Forum Commoner
Posts: 51
Joined: Thu Jul 20, 2006 11:57 pm


Post by fitchic77 »

What do I need to do in order to insert a value into the database that has an apostrophe?

$name = "Apostrophe's";
Insert into tablename (name)VALUES('$name')


I get an error.
Last edited by fitchic77 on Sat Oct 16, 2010 11:41 am, edited 1 time in total.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Code:

Insert into tablename (name)VALUES($name)
?
MarK (CZ)
Forum Contributor
Posts: 239
Joined: Tue Apr 13, 2004 12:51 am
Location: Prague (CZ) / Vienna (A)
Contact:

Post by MarK (CZ) »

Code:

mysql_real_escape_string();
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

oh yea! DUH! (bonks self on head)
fitchic77
Forum Commoner
Posts: 51
Joined: Thu Jul 20, 2006 11:57 pm

Post by fitchic77 »

$address2 = addslashes($_POST['address2']); //store in database - works great
$address2A = stripslashes($_POST['address2']); //display to user

Problem I'm having is now the stripslashes isn't stripping the slash. It is still showing up as name\'s.

Any ideas?
Last edited by fitchic77 on Sat Oct 16, 2010 11:40 am, edited 1 time in total.
jmut
Forum Regular
Posts: 945
Joined: Tue Jul 05, 2005 3:54 am
Location: Sofia, Bulgaria
Contact:

Post by jmut »

fitchic77 wrote:
$address2 = addslashes($_POST['address2']); //store in database - works great
$address2A = stripslashes($_POST['address2']); //display to user

Problem I'm having is now the stripslashes isn't stripping the slash. It is still showing up as fitchic77\'s.

Any ideas?
There is really no reason to use addslashes anywhere in your application (at least I don't know of such a case... and certainly not for escaping data for use in a DB query).

The only reliable way to escape data for usage in a DB query is using mysql_real_escape_string() and prepared statements.

stripslashes() you really only need to use once :)
and this is to properly prepare data if you have no control over the server and magic_quotes are on.

Code:

// So, as the first thing in the script, you would have:

if (get_magic_quotes_gpc()) {
    $in = array(&$_GET, &$_POST, &$_COOKIE);
    while (list($k,$v) = each($in)) {
        foreach ($v as $key => $val) {
            if (!is_array($val)) {
                $in[$k][$key] = stripslashes($val);
                continue;
            }
            $in[] =& $in[$k][$key];
        }
    }
    unset($in);
}
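
The prepared-statement route mentioned in the last reply, shown as an added example that is not code from the thread: the value is bound as a parameter, stored unchanged, and escaped only for HTML at display time. It assumes PHP with the pdo_sqlite extension (an in-memory SQLite database stands in for MySQL so it runs offline); the `id` column and the helper names `insertName` and `fetchName` are hypothetical, and the inputs are constructed samples.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension.
// tablename/name follow the question; the id column and helpers are hypothetical.

function insertName(PDO $db, string $name): int
{
    // The value travels as a bound parameter, so the apostrophe is never
    // parsed as part of the SQL text and needs no addslashes().
    $stmt = $db->prepare('INSERT INTO tablename (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $db->lastInsertId();
}

function fetchName(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT name FROM tablename WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tablename (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed sample inputs: the value from the question, plus one that mixes
// an apostrophe, double quotes and a backslash.
$samples = ["Apostrophe's", 'O\'Brien "Suite 5" C:\\temp'];

foreach ($samples as $input) {
    $id = insertName($db, $input);
    $stored = fetchName($db, $id);

    // The stored value equals the input byte for byte, so there are no
    // backslashes to strip when reading it back.
    var_dump($stored === $input);

    // Escape for the output context (HTML) only at display time.
    echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```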