apostrophe - how do i stop it causing so many problems?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
slaterino
Forum Commoner
Posts: 46
Joined: Fri Jul 11, 2008 10:50 am

apostrophe - how do i stop it causing so many problems?

Post by slaterino »

Hi,
I have created an image gallery which works absolutely perfectly. Except when there's an apostrophe involved. This seems to break the syntax of the php and an error message gets spit out. I also have this problem on a page which shows data from a mysql table, where the apostrophe are displayed as question mark. This is the php from the gallery form. Is there anything simple that can be changed to allow for apostrophe's to be used?

Code: Select all

<?php
if(isset($_POST['txtTitle']))
{
    $albumId   = $_POST['cboAlbum'];
    $imgTitle  = $_POST['txtTitle'];
    $imgDesc   = $_POST['mtxDesc'];
    $imgDiv    = $_POST['mtxDiv'];
    $imgEx    = $_POST['mtxEx'];
 
    $images    = uploadImage('fleImage', GALLERY_IMG_DIR);
 
    if ($images['image'] == '' && $images['thumbnail'] == '') {
        echo "Error uploading file";
        exit;
    }
    
    $image     = $images['image'];
    $thumbnail = $images['thumbnail'];
    
    if (!get_magic_quotes_gpc()) {
        $albumName  = addslashes($albumName);
        $albumDesc  = addslashes($albumDesc);
        $imgPath    = addslashes($imgPath);
    }  
 
    $sql = "INSERT INTO tbl_image (im_album_id, im_title, im_bloom, im_division, im_exhibit, im_image, im_thumbnail, im_date) 
            VALUES ($albumId, '$imgTitle', '$imgDesc', '$imgDiv', '$imgEx', '$image', '$thumbnail', NOW())";
 
    mysql_query($sql) or die('Error, add image failed : ' . mysql_error());                    
    
    echo "<script>window.location.href='index.php?page=list-image&album=$albumId';</script>";
    exit;
}   
 
// get album list
$sql = "SELECT al_id, al_name
        FROM tbl_album
        ORDER BY al_name";
$result = mysql_query($sql) or die('Error, get album list failed : ' . mysql_error());                    
 
$albumList = '';
$selectedAlbum = isset($_GET['album']) ? $_GET['album'] : '';
while ($row = mysql_fetch_assoc($result)) {
    $albumList .= '<option value="' . $row['al_id']. '"';
    
    if ($row['al_id'] == $selectedAlbum) {
        $albumList .= ' selected';
    }
    
    $albumList .= '>' . $row['al_name'] . '</option>';  
}   
?>
Thanks!!!
Russ
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: apostrophe - how do i stop it causing so many problems?

Post by alex.barylski »

Escape your $_POST data using addslashes()

Code: Select all

$myvar = addslashes($_POST['myvar']);
User avatar
swiftouch
Forum Commoner
Posts: 80
Joined: Sun Dec 10, 2006 7:35 am
Location: Salt Lake City, Utah

Re: apostrophe - how do i stop it causing so many problems?

Post by swiftouch »

Try adding this to your htaccess file.

Depending on what you need to you can do it for one file or all files that end in .htm, .html, etc.

AddCharset ISO-8859-1 .htm

Google "AddCharset" for more info
User avatar
GeertDD
Forum Contributor
Posts: 274
Joined: Sun Oct 22, 2006 1:47 am
Location: Belgium

Re: apostrophe - how do i stop it causing so many problems?

Post by GeertDD »

I would turn of magic_quotes_gpc at all costs. Also, I would definitely use UTF-8, which is a Unicode encoding. Finally, I would never use addslashes() but rather mysql_real_escape_string().
Post Reply