Uplifted comma (') problem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

dv_evan
Forum Commoner
Posts: 42
Joined: Wed Apr 09, 2008 8:23 am

Uplifted comma (') problem

Post by dv_evan »

Dear All,

I have a PHP form that accesses a MySQL database to modify data.
I am having a problem modifying records with names that include single uplifted commas or single quotation marks ( ' ), e.g. Tom's. When I submit changes for these records, it does not update the database.

Can anyone kindly advise?

Thanks
Dave Evans
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Uplifted comma (') problem

Post by onion2k »

Use mysql_real_escape_string() on all the data you insert.
dv_evan
Forum Commoner
Posts: 42
Joined: Wed Apr 09, 2008 8:23 am

Re: Uplifted comma (') problem

Post by dv_evan »

This still did not solve the problem.

This is what is happening when I am trying to pass a URL value to File.php. Let's say the company's name is A's Fashion, the code for passing the values:

header("Location: File.php?Name_of_Co=$Name_of_Co");
or
echo "<a href=File.php?Name_of_Co=$Name_of_Co> Click for Company Info</a>";

If I try to echo the value when it is passed,
this is what is being output -> A\'s Fashion

and
from the URL -> A\'s

How can I get the A's Fashion value passed properly?

I appreciate all help.
Very Frustrated
Dave
DaiWelsh
Forum Commoner
Posts: 36
Joined: Wed Jan 08, 2003 9:39 am
Location: Derbyshire, UK

Re: Uplifted comma (') problem

Post by DaiWelsh »

Possibly two problems and a warning here:

1. When using data in a URL you need to escape HTML entities in it using the htmlentities() function, e.g.

$Name_of_Co = htmlentities($Name_of_Co);

before the header() line.

2. It looks like your server has magic quotes switched on, so you should clean all URL params with stripslashes(), e.g.

$Name_of_Co = stripslashes($_GET['Name_of_Co']);

(Note: you should really also do some cleaning on this string as it is suspect, coming from the user.)

3. Generally it is better practice to use a unique identifier (usually a number) when passing a variable around to identify an item such as a company. Passing the actual company name, as well as causing all the above issues, will be problematic if two companies have the same name.

HTH,

Dai
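
An added example, not code from any poster in this thread: the same company name carried through the three contexts the thread touches (query string, HTML attribute, SQL update), each with the encoding that context expects. The helper names are hypothetical, the `companies` table is constructed, and an in-memory SQLite database stands in for the MySQL one so the script runs offline.

```php
<?php
// Added example: hypothetical helper names; SQLite in memory stands in for MySQL.

// Undo magic-quotes escaping only when the server actually applied it.
function undo_magic_quotes(string $value, bool $magicQuotesOn): string {
    return $magicQuotesOn ? stripslashes($value) : $value;
}

// URL context: percent-encode the value before it goes into a query string.
// The same string is what belongs after "Location: " in a header() call.
function company_url(string $name): string {
    return 'File.php?Name_of_Co=' . rawurlencode($name);
}

// HTML context: the finished URL is escaped again and placed in a quoted
// href attribute, so a space or quote in the name cannot end the attribute.
function company_link(string $name): string {
    $href = htmlspecialchars(company_url($name), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Click for Company Info</a>';
}

// SQL context: a bound parameter carries the apostrophe as data, never as
// SQL syntax. The row is addressed by its numeric id, not by its name.
function rename_company(PDO $db, int $id, string $name): int {
    $stmt = $db->prepare('UPDATE companies SET name = :name WHERE id = :id');
    $stmt->execute([':name' => $name, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed sample: the value as it arrives with magic quotes switched on.
$received = "A\\'s Fashion";
$name = undo_magic_quotes($received, true);

echo company_url($name), "\n";
echo company_link($name), "\n";

// Constructed table and row for the update.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO companies (id, name) VALUES (1, 'Old name')");
rename_company($db, 1, $name);
echo $db->query('SELECT name FROM companies WHERE id = 1')->fetchColumn(), "\n";
```

With a MySQL database only the PDO connection string changes; the prepared statement and the encoding helpers stay the same.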