Dear All,
I have a PHP form that accesses a MySQL database to modify data.
I am having a problem modifying records with names that include single uplifted commas or single quotation marks ( ' ), e.g. Tom's. When I submit changes for these records it does not update the database.
Can anyone kindly advise?
Thanks
Dave Evans
Uplifted comma (') problem
Re: Uplifted comma (') problem
Use mysql_real_escape_string() on all the data you insert.
Re: Uplifted comma (') problem
This still did not solve the problem.
This is what is happening when I am trying to pass a URL value to File.php. Let's say the company's name is A's Fashion, the code for passing the values:
header("Location: File.php?Name_of_Co=$Name_of_Co");
or
echo "<a href=File.php?Name_of_Co=$Name_of_Co> Click for Company Info</a>";
If I try to echo the value when it is passed,
this is what is being output -> A\'s Fashion
and
From the URL -> A\'s
How can I get the A's Fashion value passed properly?
I appreciate all help.
Very Frustrated
Dave
Re: Uplifted comma (') problem
Possibly two problems and a warning here:
1. When using data in a URL you need to escape HTML entities in it using the htmlentities() function, e.g.
$Name_of_Co = htmlentities($Name_of_Co);
before the header() line.
2. It looks like your server has magic quotes switched on, so you should clean all URL params with stripslashes(), e.g.
$Name_of_Co = stripslashes($_GET['Name_of_Co']);
(Note: you should really also do some cleaning on this string as it is suspect, coming from the user.)
3. Generally it is better practice to use a unique identifier (usually a number) when passing a variable around to identify an item such as a company. Passing the actual company name, as well as causing all the above issues, will be problematic if two companies have the same name.
HTH,
Dai
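The thread touches three separate output contexts for the same value (SQL, URL query string, HTML attribute). The sketch below is an added example, not code from any poster: it carries "A's Fashion" through each context with the encoder that belongs to it. Assumptions: an in-memory SQLite database via PDO stands in for the MySQL database so the script runs offline, and the table name, column names and helper functions are hypothetical.

```php
<?php
// Constructed sample value from the thread.
$name = "A's Fashion";

// 1. SQL context: a prepared statement sends the value separately from the
//    SQL text, so the apostrophe needs no manual escaping.
//    Assumption: SQLite in memory stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->prepare('INSERT INTO company (name) VALUES (?)')->execute([$name]);
$id = (int) $db->lastInsertId();

$upd = $db->prepare('UPDATE company SET name = ? WHERE id = ?');
$upd->execute(["A's Fashion Ltd", $id]);

// 2. URL context: percent-encode the value before it enters a query string.
function company_url(string $name): string   // hypothetical helper
{
    return 'File.php?' . http_build_query(['Name_of_Co' => $name]);
}

// 3. HTML context: encode the finished URL and put it in a quoted attribute.
//    An unquoted href ends at the first space, which truncates the name.
function company_link(string $name): string  // hypothetical helper
{
    $href = htmlspecialchars(company_url($name), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Click for Company Info</a>';
}

$url = company_url($name);
echo $url, "\n";
echo company_link($name), "\n";

// Receiving side: PHP decodes the query string; encode again only at output.
parse_str(parse_url($url, PHP_URL_QUERY), $params);
echo htmlspecialchars($params['Name_of_Co'], ENT_QUOTES, 'UTF-8'), "\n";

// Look the record up by its numeric id rather than by name.
$sel = $db->prepare('SELECT name FROM company WHERE id = ?');
$sel->execute([$id]);
echo $sel->fetchColumn(), "\n";
```

On current PHP the magic quotes feature (removed in 5.4) and the mysql_* functions (removed in 7.0) no longer exist, so the stripslashes() step applies only to old installations where magic quotes are still enabled.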