[SOLVED] searching and replacing quotes & apostrophes in HTML output

[phoenixx]

I need to replace quotes and apostrophes within a string array just so that the output is compatible to insert into my database

 

Instead of you're (for instance) it would search the string and replace all of them with you\'re or \"quoted text\".

 

[DarkWater]

Just use mysql_real_escape_string() which also cleans other problematic characters.

[Mchl]

Assuming you use MySQL

mysql_real_escape_string()

or

mysqli::real_escape_string()

both take care of all unsafe characters.

[obsidian]

One other note, when you pull quoted text out of the database for output, you may want to consider the htmlentities() function with the ENT_QUOTES flag set to be sure that you don't open yourself up to XSS as well.

[phoenixx]

PERFECT!  Here's the syntax I used for anyone who may need the same thing.

 

Variables

$foo = mysql_real_escape_string($bar);

 

On the sql query

$sql = sprintf ("INSERT INTO tablename(bar1,bar2,bar3) VALUES ('$foo1','$foo2','$foo3')") or die(mysql_error());

mysql_query ($sql);

 

Thanks again for all of your help!