mattiesams Posted October 17, 2008 Share Posted October 17, 2008 hi i have field that you can save address and it will insert into sql. it is address field and i want to save tim's international. ( field with ' ) how can i do that? and when i call back from server if i update the field still i need to save with ' can someone please help me thanks Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/ Share on other sites More sharing options...
ratcateme Posted October 17, 2008 Share Posted October 17, 2008 you could escape it with mysql_real_escape_string() that would turn ' into " or you could use str_replace();something like this $string = "test ' string"; $string = str_replace("'","|||",$string); then when you pull data out you need to $string = str_replace("|||","'",$string); Scott. Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667652 Share on other sites More sharing options...
MadTechie Posted October 17, 2008 Share Posted October 17, 2008 use mysql_real_escape_string() it changes it to \' in the database but when you read it back it will be ' as normal Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667654 Share on other sites More sharing options...
mattiesams Posted October 17, 2008 Author Share Posted October 17, 2008 i tried to use this function function escape_string($str) { if ($str !== null) { $str = str_replace(array('\\','\''),array('\\\\','\\\''),$str); $str = "'".$str."'"; } else { $str = "null"; } return strtoupper($str); } im inserting data into sql like ,'".$_SESSION['dco']."', ,'".$_SESSION['dadd1']."','".$_SESSION['dadd2']."', but then when open modification page and when i click save button im gettingthis error You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'p 1/2 MARCO'l AVE', 'matt', '3.0', '3.000', '3')' at line 1 please advice Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667659 Share on other sites More sharing options...
MadTechie Posted October 17, 2008 Share Posted October 17, 2008 can you post your full SQL statement Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667661 Share on other sites More sharing options...
mattiesams Posted October 17, 2008 Author Share Posted October 17, 2008 this is where i add - adding.php page <?php $sql = "INSERT INTO addr (TO_LOC, TO_DET1, TO_DET2, TO_DET3) VALUES ("; $sql .= $_SESSION['dsuburb']."', '".$_SESSION['dcomp']."', '".mysql_real_escape_string($_SESSION['dadd1'])."', '".$_SESSION['dadd2']. "')"; --------modify.php -when i click that i can see all the data i entered from adding.php $sql = "SELECT * FROM addr WHERE JOB_NO = ".$id; //echo $sql; $db->query($sql); if ($row = $db->next_record()) { $_SESSION['audit'] = $row; $_SESSION['dsuburb'] = $row['TO_LOC']; $_SESSION['dcomp'] = $row['TO_DET1']; $_SESSION['dadd1'] = $row['TO_DET2']; $_SESSION['dadd2'] = $row['TO_DET3']; } if want to update i will use this $sql = "UPDATE addr SET "; $sql .= ", TO_LOC = '".$_SESSION['dsuburb']."'"; $sql .= ", TO_DET1 = '".$_SESSION['dcomp']."'"; $sql .= ", TO_DET2 = '".mysql_real_escape_string($_SESSION['dadd1'])."'"; $sql .= ", TO_DET3 = '".$_SESSION['dadd2']."'"; $sql .= " WHERE JOB_NO = ".$_SESSION['jobno']; ?> when i add mysql_real_escape_string() it si working fine. but when i do update something click save then add / to dadd1 field. eg.VICTORIA\\\'L RD how can i stop that Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667669 Share on other sites More sharing options...
ratcateme Posted October 17, 2008 Share Posted October 17, 2008 sorry my test code was wrong it does put a \' not a " Scott. Link to comment https://forums.phpfreaks.com/topic/128786-how-to-save-with/#findComment-667673 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.