tmyonline Posted May 8, 2008 Share Posted May 8, 2008 Guys: I have a problem writing messages to database whenever my message contains " ' ". For example, if my message contains: he's, he'll, I'm, we're,..., it fails to write the message to database. How do I resolve this astrophy problem ? Thanks. Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/ Share on other sites More sharing options...
Psycho Posted May 8, 2008 Share Posted May 8, 2008 mysql_real_escape_string() Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-535944 Share on other sites More sharing options...
The Little Guy Posted May 8, 2008 Share Posted May 8, 2008 <?php $query = sprintf("SELECT * FROM myTable WHERE c1 = '%s'",mysql_real_escape_string($_POST['c1']); $sql = mysql_query($query); ?> for every %s it makes a new function spot in the sprintf function. there is more than just %s, http://php.net/sprintf Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-535945 Share on other sites More sharing options...
Fadion Posted May 8, 2008 Share Posted May 8, 2008 This guy must be pretty new to php and mysql, so the above post should be confusing. Just use mysql_real_escape_string() when inserting a variable into the database and stripslashes() when retrieving it, to remove the added slashes (escaped characters). Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-536028 Share on other sites More sharing options...
tmyonline Posted May 8, 2008 Author Share Posted May 8, 2008 Thank you all. Your help is very helpful. Things are working now. Many thanks again. Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-536033 Share on other sites More sharing options...
discomatt Posted May 8, 2008 Share Posted May 8, 2008 This guy must be pretty new to php and mysql, so the above post should be confusing. Just use mysql_real_escape_string() when inserting a variable into the database and stripslashes() when retrieving it, to remove the added slashes (escaped characters). With mysql_real_escape_string there should be no slashes to remove on returned data. If magic_quotes is turned on, though, there will be. I like to use a modified mysql_real_escape_string... it's nice not having to type out that stupidly long function name anyways function mysql_sanitize ( $input ) { # Check if already escaped if (get_magic_quotes_gpc()) # Remove useless escapes $input = stripslashes($value); # Check for integer if ( !is_numeric($value) ) # Not a number -> Sanitize $input = mysql_real_escape_string($input); return $value; } Then just call $query = 'SELECT `row` FROM `table` WHERE `c1` = \'' . mysql_sanitize($_POST['c1']) . '\''; Also note, you shouldn't have to escape anything you are hashing. Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-536034 Share on other sites More sharing options...
Psycho Posted May 8, 2008 Share Posted May 8, 2008 I like to use a modified mysql_real_escape_string... it's nice not having to type out that stupidly long function name anyways Just curious, what's the purpose of checking for a numeric value? mysql_real_escape_string() won't do anything to a number anyway, does it? Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-536046 Share on other sites More sharing options...
psychowolvesbane Posted May 8, 2008 Share Posted May 8, 2008 I like to use a modified mysql_real_escape_string... it's nice not having to type out that stupidly long function name anyways Just curious, what's the purpose of checking for a numeric value? mysql_real_escape_string() won't do anything to a number anyway, does it? Perhaps he just uses it on all his inputs just in case. Link to comment https://forums.phpfreaks.com/topic/104714-problem-with-writing-to-mysql/#findComment-536065 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.