
apostrophe - how do i stop it causing so many problems?

Posted: Mon Aug 18, 2008 5:23 pm
by slaterino
Hi,
I have created an image gallery which works absolutely perfectly, except when there's an apostrophe involved. This seems to break the syntax of the PHP and an error message gets spit out. I also have this problem on a page which shows data from a MySQL table, where the apostrophes are displayed as question marks. This is the PHP from the gallery form. Is there anything simple that can be changed to allow for apostrophes to be used?

Code:

<?php
if(isset($_POST['txtTitle']))
{
    $albumId   = $_POST['cboAlbum'];
    $imgTitle  = $_POST['txtTitle'];
    $imgDesc   = $_POST['mtxDesc'];
    $imgDiv    = $_POST['mtxDiv'];
    $imgEx    = $_POST['mtxEx'];
 
    $images    = uploadImage('fleImage', GALLERY_IMG_DIR);
 
    if ($images['image'] == '' && $images['thumbnail'] == '') {
        echo "Error uploading file";
        exit;
    }
    
    $image     = $images['image'];
    $thumbnail = $images['thumbnail'];
    
    if (!get_magic_quotes_gpc()) {
        $albumName  = addslashes($albumName);
        $albumDesc  = addslashes($albumDesc);
        $imgPath    = addslashes($imgPath);
    }  
 
    $sql = "INSERT INTO tbl_image (im_album_id, im_title, im_bloom, im_division, im_exhibit, im_image, im_thumbnail, im_date) 
            VALUES ($albumId, '$imgTitle', '$imgDesc', '$imgDiv', '$imgEx', '$image', '$thumbnail', NOW())";
 
    mysql_query($sql) or die('Error, add image failed : ' . mysql_error());                    
    
    echo "<script>window.location.href='index.php?page=list-image&album=$albumId';</script>";
    exit;
}   
 
// get album list
$sql = "SELECT al_id, al_name
        FROM tbl_album
        ORDER BY al_name";
$result = mysql_query($sql) or die('Error, get album list failed : ' . mysql_error());                    
 
$albumList = '';
$selectedAlbum = isset($_GET['album']) ? $_GET['album'] : '';
while ($row = mysql_fetch_assoc($result)) {
    $albumList .= '<option value="' . $row['al_id']. '"';
    
    if ($row['al_id'] == $selectedAlbum) {
        $albumList .= ' selected';
    }
    
    $albumList .= '>' . $row['al_name'] . '</option>';  
}   
?>
Thanks!!!
Russ

Re: apostrophe - how do i stop it causing so many problems?

Posted: Mon Aug 18, 2008 6:46 pm
by alex.barylski
Escape your $_POST data using addslashes()

Code:

$myvar = addslashes($_POST['myvar']);

Re: apostrophe - how do i stop it causing so many problems?

Posted: Mon Aug 18, 2008 9:45 pm
by swiftouch
Try adding this to your .htaccess file.

Depending on what you need, you can do it for one file or for all files that end in .htm, .html, etc.

AddCharset ISO-8859-1 .htm

Google "AddCharset" for more info

Re: apostrophe - how do i stop it causing so many problems?

Posted: Tue Aug 19, 2008 3:38 am
by GeertDD
I would turn off magic_quotes_gpc at all costs. Also, I would definitely use UTF-8, which is a Unicode encoding. Finally, I would never use addslashes() but rather mysql_real_escape_string().
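
The following is an added example, not code posted by anyone in this thread. It reproduces the apostrophe failure from the gallery INSERT and then stores the same input with PDO bound parameters, a different technique from the escaping functions named above. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the cut-down table and the sample form values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; for MySQL only the DSN changes, e.g.
// 'mysql:host=localhost;dbname=gallery;charset=utf8mb4' (hypothetical names).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_image (im_album_id INTEGER, im_title TEXT, im_bloom TEXT)');

// Constructed sample input, shaped like the gallery form's $_POST fields.
$post = ['cboAlbum' => '3', 'txtTitle' => "Russ's rose", 'mtxDesc' => "It's in bloom"];

// 1) The thread's pattern: values pasted into the SQL text. The apostrophe
//    closes the string literal early and the statement no longer parses.
function insertInterpolated(PDO $db, array $post): string
{
    $sql = "INSERT INTO tbl_image (im_album_id, im_title, im_bloom)
            VALUES ({$post['cboAlbum']}, '{$post['txtTitle']}', '{$post['mtxDesc']}')";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// 2) Bound parameters: the SQL text is fixed and the values travel
//    separately, so no escaping function is involved at all.
function insertBound(PDO $db, array $post): void
{
    $stmt = $db->prepare(
        'INSERT INTO tbl_image (im_album_id, im_title, im_bloom) VALUES (:album, :title, :bloom)'
    );
    $stmt->bindValue(':album', (int) $post['cboAlbum'], PDO::PARAM_INT);
    $stmt->bindValue(':title', $post['txtTitle']);
    $stmt->bindValue(':bloom', $post['mtxDesc']);
    $stmt->execute();
}

echo 'interpolated: ', insertInterpolated($db, $post), PHP_EOL;
insertBound($db, $post);
$row = $db->query('SELECT im_title, im_bloom FROM tbl_image')->fetch(PDO::FETCH_ASSOC);
echo 'bound: ', $row['im_title'], ' / ', $row['im_bloom'], PHP_EOL;
```

The stored values still need htmlspecialchars() when they are echoed into HTML such as the album `<option>` list, since binding only protects the SQL statement.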