
Uplifted comma (') problem

Posted: Mon Sep 01, 2008 8:20 am
by dv_evan
Dear All,

I have a PHP form that accesses a MySQL database to modify data.
I am having a problem modifying records with names that include single uplifted commas or single quotation marks ( ' ), e.g. Tom's. When I submit changes for these records it does not update the database.

Can anyone kindly advise?

Thanks
Dave Evans

Re: Uplifted comma (') problem

Posted: Mon Sep 01, 2008 8:31 am
by onion2k
Use mysql_real_escape_string() on all the data you insert.

Re: Uplifted comma (') problem

Posted: Mon Sep 01, 2008 10:46 am
by dv_evan
This still did not solve the problem.

This is what is happening when I am trying to pass a URL value to File.php. Let's say the company's name is A's Fashion, the code for passing the values:

header("Location: File.php?Name_of_Co=$Name_of_Co");
or
echo "<a href=File.php?Name_of_Co=$Name_of_Co> Click for Company Info</a>";

If I tried to echo the value when it is passed,
this is what is being output -> A\'s Fashion

and
From the URL -> A\'s

How can I get the A's Fashion value passed properly?

I appreciate all help.
Very Frustrated
Dave

Re: Uplifted comma (') problem

Posted: Mon Sep 01, 2008 1:40 pm
by DaiWelsh
Possibly two problems and a warning here:

1. When using data in a URL you need to escape HTML entities in it using the htmlentities() function, e.g.

$Name_of_Co = htmlentities($Name_of_Co);

before the header() line.

2. It looks like your server has magic quotes switched on, so you should clean all URL params with stripslashes, e.g.

$Name_of_Co = stripslashes($_GET['Name_of_Co']);

(Note: you should really also do some cleaning on this string as it is suspect, coming from the user.)

3. Generally it is better practice to use a unique identifier (usually a number) when passing a variable around to identify an item such as a company. Passing the actual company name, as well as causing all the above issues, will be problematic if two companies have the same name.

HTH,

Dai
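
The three contexts that come up in this thread (URL, HTML and SQL), each with its own encoding step, as an added example that is not code from any poster. It assumes PHP 7 or later with the pdo_sqlite extension; the `company` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Constructed sample value, taken from the thread's example company name.
$name = "A's Fashion";

// URL context: percent-encode the value when building the query string.
function company_url(string $name): string
{
    return 'File.php?' . http_build_query(['Name_of_Co' => $name]);
}

// HTML context: encode the finished URL for a double-quoted attribute.
function company_link(string $name): string
{
    $href = htmlspecialchars(company_url($name), ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '">Click for Company Info</a>';
}

// SQL context: bind the value as a parameter instead of escaping it by hand.
function rename_company(PDO $db, int $id, string $name): int
{
    $stmt = $db->prepare('UPDATE company SET name = :name WHERE id = :id');
    $stmt->execute([':name' => $name, ':id' => $id]);
    return $stmt->rowCount();
}

// Hypothetical table; in-memory SQLite stands in for MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO company (id, name) VALUES (1, 'Old name')");

$url = company_url($name);
echo $url, "\n";                 // use this value in header("Location: ...")
echo company_link($name), "\n";  // use this value when echoing the link

// Receiving side: decode the query string as PHP does when it fills $_GET.
parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
var_dump($params['Name_of_Co'] === $name);

// The apostrophe reaches the database unchanged, with no backslash added.
var_dump(rename_company($db, 1, $params['Name_of_Co']) === 1);
var_dump($db->query('SELECT name FROM company WHERE id = 1')->fetchColumn() === $name);
```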