Jump to content

Archived

This topic is now archived and is closed to further replies.

lice200

Cannot enter a apostrophe into my database

Recommended Posts

Hi,

When i try to enter a apostrophe into my Text Field then submit it to a database the text will not show up.

Database Structure:
Link_ID Int(11) Not Null Auto_increment
Link_Text Text Not null

Example: Without Apostrophe
I like php

Link_ID: 1
Link_Text: I like php
----------------------------------

Example: With Apostrophe
I like php'

Link_ID: 2
Link_Text:
----------------------------------


I don't understand why it's doing this. Can you help me find a solution?

-Lice

Share this post


Link to post
Share on other sites
[!--quoteo(post=382172:date=Jun 10 2006, 03:04 AM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ Jun 10 2006, 03:04 AM) [snapback]382172[/snapback][/div][div class=\'quotemain\'][!--quotec--]
try doing \'
[/quote]

Thanks for the help.

That will not work. You have to understand that I have to enter alot of these per day. Many of them have a apostrophe. Adding a \ to every single one would be to time consuming...

Is there any other way I can have done for me?

Share this post


Link to post
Share on other sites
yes, there is function for that in php.

$searchstring = str_replace ("\'","'",$searchstring) ;

this function will replace all " ' " with a " \' " and by this way your query will not blow up.

Share this post


Link to post
Share on other sites
[!--quoteo(post=382182:date=Jun 10 2006, 03:36 AM:name=radalin)--][div class=\'quotetop\']QUOTE(radalin @ Jun 10 2006, 03:36 AM) [snapback]382182[/snapback][/div][div class=\'quotemain\'][!--quotec--]
yes, there is function for that in php.

$searchstring = str_replace ("\'","'",$searchstring) ;

this function will replace all " ' " with a " \' " and by this way your query will not blow up.
[/quote]


Where do i put this?

Share this post


Link to post
Share on other sites
You can just use addslashes (when data is entered into the database) and stripslashes (when data is pullout of the database).

addslashes will escape any double or single quotes in the data you have submitted automatically, and stripslashes does the opposite, which is remove the slashes addslashes added.

Share this post


Link to post
Share on other sites
I'm here because im a noob, you can tell me what todo, but it doesnt help if i dont know how todo it.

Please take the time to explain it to me.

Share this post


Link to post
Share on other sites
Use the function [a href=\"http://www.php.net/mysql_real_escape_string\" target=\"_blank\"]mysql_real_escape_string()[/a] instead of [a href=\"http://www.php.net/addslashes\" target=\"_blank\"]addslashes()[/a]. The former will work with multi-byte characters and it will quote more characters that can cause problems with mysql than the latter. Also, I have found that you don't have to remember to use the funtion [a href=\"http://www.php.net/stripslashes\" target=\"_blank\"]stripslashes()[/a] when retrieving the data from the database.

Ken

Share this post


Link to post
Share on other sites
you have form don't you. And you have a php form that makes an insert into the db.

you are taking a value like :
[code]
$value = $_GET['value'];
[/code]
and then inserting it something like:
[code]
mysql_query("INSERT INTO .... values ('$value')");
[/code]

you have to insert addlashes or mysql_real_escape_string or str_replace or whatever you intend to do before sending it to the query so your code should like:
[code]
$value = $_GET['value'];
$value = addlashes($value);
mysql_query("INSERT INTO.... VALUES('$value')");
[/code]
Got that?

Share this post


Link to post
Share on other sites
Okay this is my code now

[code]    $link_title = $_POST['link_title'];
    $link_link = $_POST['link_link'];
    $link_date = $_POST['link_date'];
    $link_sfw = $_POST['link_sfw'];
        $query = ("INSERT INTO archive (link_title,link_link,link_date,link_sfw) VALUES ('$link_title', '$link_link', '$link_date', '$link_sfw')");
        mysql_query($query);
        mysql_close();[/code]

This is what i tried...

[code]    $link_title = $_POST['link_title'];
    $strreplace = str_replace ("\'","'",$link_title);
    $link_link = $_POST['link_link'];
    $link_date = $_POST['link_date'];
    $link_sfw = $_POST['link_sfw'];
        $query = ("INSERT INTO archive (link_title,link_link,link_date,link_sfw) VALUES ('$strreplace', '$link_link', '$link_date', '$link_sfw')");
        mysql_query($query);
        mysql_close();[/code]

Sorry for the touble. I just don't understand how it works...

Share this post


Link to post
Share on other sites
[code]
$link_title = mysql_real_escape_string($_POST['link_title']);
$link_link = mysql_real_escape_string($_POST['link_link']);
$link_date = mysql_real_escape_string($_POST['link_date']);
$link_sfw = mysql_real_escape_string($_POST['link_sfw']);

$query = ("INSERT INTO archive (link_title,link_link,link_date,link_sfw) VALUES ('$link_title', '$link_link', '$link_date', '$link_sfw')");

mysql_query($query);
mysql_close();
[/code]

Share this post


Link to post
Share on other sites
[!--quoteo(post=382775:date=Jun 12 2006, 02:39 AM:name=Crayon Violent)--][div class=\'quotetop\']QUOTE(Crayon Violent @ Jun 12 2006, 02:39 AM) [snapback]382775[/snapback][/div][div class=\'quotemain\'][!--quotec--]
[code]
$link_title = mysql_real_escape_string($_POST['link_title']);
$link_link = mysql_real_escape_string($_POST['link_link']);
$link_date = mysql_real_escape_string($_POST['link_date']);
$link_sfw = mysql_real_escape_string($_POST['link_sfw']);

$query = ("INSERT INTO archive (link_title,link_link,link_date,link_sfw) VALUES ('$link_title', '$link_link', '$link_date', '$link_sfw')");

mysql_query($query);
mysql_close();
[/code]
[/quote]

Thanks ^^

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.