Apostrophes

j1982
Forum Newbie
Posts: 5
Joined: Mon Jun 05, 2006 3:42 pm

Post by j1982 »

I have names in a table that, when pulled off onto a php page, you can click on to see all entries of each name. Some names have apostrophes, like O'Neal, but for them, it'll cut off at the character. What can I do to make certain characters like that "recognizable"?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Post your display code.
j1982
Forum Newbie
Posts: 5
Joined: Mon Jun 05, 2006 3:42 pm

Post by j1982 »

The line that links to the name log page:

Code:

<a href='log_opp.php?name=$name' title='$name vs. Arkansas game log'>$name</a>

The name log page (pulling off all entries with a certain name):

Code:

<?
$query = "SELECT DATE_FORMAT(date, '%c/%e/%Y') as prettydate,start,date,fg,fga,ft,fta,tfg,tfga,oreb,dreb,pf,tp,a,turn,blk,min,s,name,oppteam,treb from $userstable WHERE name = '$name' ORDER by date ASC";

$result = MYSQL_QUERY($query);

/* How many of these users are there? */
$number = MYSQL_NUMROWS($result);

/* Print these results to the screen in a nice format */
$i = 0;

IF ($number == 0) :
	PRINT " ";
ELSEIF ($number > 0) :
	PRINT "";
	WHILE ($i < $number):
		$name = mysql_result($result,$i,"name");
<<several other fields>>
		PRINT "
	<tr>
	<td bgcolor='#ffffff'><font face='arial' size='-2'><a href='boxscore.php?date=$date' title='Click for complete stats from this game'>$prettydate</a></font></td>
<<rest of fields>>
	</tr>
";
		$i++;
	ENDWHILE;
		PRINT "";
ENDIF;

?>
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Pass $name through rawurlencode() before you echo it.
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Post by pickle »

htmlentities() should work too.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
GM
Forum Contributor
Posts: 365
Joined: Wed Apr 26, 2006 4:19 am
Location: Italy

Post by GM »

You need to escape your $name variable, because effectively, php sees:

Code:

<a href='log_opp.php?name=O'neal' title='$name vs. Arkansas game log'>$name</a>

You see how in the href attribute of the anchor tag the quote has been "closed" prematurely by the apostrophe in O'neal?

What you actually get is:

Code:

<a href='log_opp.php?name=O' ...

Note, you should also escape this before you do a query with it, for the same reasons. Apostrophes can be dangerous with databases, if security is lax.

You can maybe use addslashes($name) to resolve the problem too.
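
Added example, not part of the original thread or any poster's code: the link and the name lookup from the posts above, with each value encoded for the context it lands in (URL component, HTML attribute, SQL parameter). The `games` table, its rows, the helper names `name_link()` and `game_log()`, and the in-memory SQLite database (standing in for MySQL so it runs offline) are assumptions.

```php
<?php
// Added example: constructed data, hypothetical helper names.

// Build the link from the first post with each value encoded for its context.
function name_link(string $name): string
{
    // URL context first: rawurlencode() turns ' into %27 inside the query string.
    $href = 'log_opp.php?name=' . rawurlencode($name);
    // HTML context second: ENT_QUOTES is required so ' becomes &#039;.
    // Before PHP 8.1 the default flags left single quotes untouched.
    $h = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return "<a href='" . $h($href) . "' title='" . $h("$name vs. Arkansas game log") . "'>"
        . $h($name) . '</a>';
}

// Look up a player's rows with the name bound as a parameter, not spliced into SQL.
function game_log(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name, oppteam, tp FROM games WHERE name = :name ORDER BY date ASC');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite
// is installed); with a mysql: DSN the prepare/execute calls are unchanged.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE games (name TEXT, oppteam TEXT, date TEXT, tp INTEGER)');
$ins = $db->prepare('INSERT INTO games VALUES (?, ?, ?, ?)');
$ins->execute(["O'Neal", 'LSU', '2006-01-14', 21]);
$ins->execute(['Smith', 'LSU', '2006-01-14', 9]);

echo name_link("O'Neal"), "\n";
// On log_opp.php, $_GET['name'] arrives already URL-decoded as O'Neal.
foreach (game_log($db, "O'Neal") as $row) {
    echo htmlspecialchars("{$row['name']} vs {$row['oppteam']}: {$row['tp']} pts", ENT_QUOTES, 'UTF-8'), "\n";
}
```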
j1982
Forum Newbie
Posts: 5
Joined: Mon Jun 05, 2006 3:42 pm

Post by j1982 »

Thanks for the input... will do some adjusting.