
RE: trying to escape ' within a string (CMS related)


zhTonic


Hey guys,

I'm having some problems with using ' in a word like "they're", so I was trying to use $subject = str_replace("'","\'",$subject); so that it would escape the ' but that's not working for me. I've tried a few different things but no luck; any help would be appreciated.

Thanks,

-Tc

This is just the top part of the code. Is there anything wrong here that is causing my problem?

function editnotice($username){
    $requiredauth = 2;
    if(!$username){
        header("Location: _index.php");
    } else {
        $gmcheck = mysql_query("SELECT * FROM accounts WHERE name='".$username."'");
        $gmchecky = mysql_fetch_array($gmcheck);
        if($gmchecky["webadmin"] < 1){
            header("Location: _index.php");
        } else {
            echo "<font size=2>";
            if($gmchecky["webadmin"] < $requiredauth){
                echo "Sorry, but you need to be at least a level $requiredauth GM. You are currently a level ".$gmchecky["webadmin"]." GM.<p>
This page has been disabled for your account.";
            } else {
                $post = mysql_real_escape_string($_GET["notice"]);
                $sql1 = mysql_query("SELECT * FROM notices WHERE id='".$post."'");
                $sqlly1 = mysql_fetch_array($sql1);
                $subject = mysql_real_escape_string($_POST["subject"]);
                $body = mysql_real_escape_string($_POST["body"]);
                $back = "<a href='?action=editnotice&notice=$post'><font color=white>Back</font></a>";
                $deleteit = mysql_real_escape_string($_POST["deleteit"]);
                $subject = str_replace("'","a",$subject);
                if($_POST){
                    if((empty($subject)) || (empty($body))){
                        echo "$font <font color=yellow>One or more fields are empty.</font><p>$back";
                    } else {
                        if(!$deleteit){
                            mysql_query("UPDATE notices SET topicname='".$subject."',topicsubject='".$body."' WHERE id='".$post."'") or die(mysql_error());
                            header("Location: _index.php");
                        } else {
                            mysql_query("DELETE FROM notices WHERE id='".$post."'") or die(mysql_error());
                            header("Location: _index.php");

And does it show any MySQL errors when using a string with a ' in it?

Not at all, it just shows up as "they\'re ?"

*EDIT*

I just tried the same thing on my laptop WAMP and when I use ' it formats it properly. Could this be a PHP/MySQL thing?
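An added example, not code from this thread: the thread's UPDATE on the notices table written with PDO bound parameters, so a subject such as "they're" needs neither mysql_real_escape_string nor str_replace. The second case simulates input that an earlier layer has already escaped (PHP's legacy magic_quotes_gpc setting did this), which stores a literal \' as in the symptom above; that this is what happened on the poster's server is an assumption, as are the in-memory SQLite database and the helper names updateNotice and storedSubject.

```php
<?php
// Added example, not the poster's code. Table and column names follow the
// thread's UPDATE statement; the in-memory SQLite database is an assumption
// so the script runs offline (requires the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE notices (id INTEGER PRIMARY KEY, topicname TEXT, topicsubject TEXT)");
$db->exec("INSERT INTO notices (id, topicname, topicsubject) VALUES (1, 'old', 'old body')");

// Hypothetical helper: values are bound as parameters and never become
// part of the SQL text, so quotes in them need no manual escaping.
function updateNotice(PDO $db, int $id, string $subject, string $body): void
{
    $stmt = $db->prepare(
        'UPDATE notices SET topicname = :subject, topicsubject = :body WHERE id = :id'
    );
    $stmt->execute([':subject' => $subject, ':body' => $body, ':id' => $id]);
}

// Hypothetical helper: read back what was actually stored.
function storedSubject(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT topicname FROM notices WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$subject = "they're"; // constructed sample input

// Case 1: raw input bound as a parameter is stored unchanged.
updateNotice($db, 1, $subject, 'body text');
echo 'raw input stored as:         ', storedSubject($db, 1), PHP_EOL;

// Case 2: input that was already escaped before reaching this code
// (simulated with addslashes). The backslash is now ordinary data and
// is stored verbatim, so it shows up when the notice is displayed.
updateNotice($db, 1, addslashes($subject), 'body text');
echo 'pre-escaped input stored as: ', storedSubject($db, 1), PHP_EOL;
```

Comparing the two stored values on the affected server and on the working machine shows whether the input arrives already escaped.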

Archived

This topic is now archived and is closed to further replies.
