Beauford Posted March 25, 2009 Share Posted March 25, 2009 I have tried every iteration of mysql_real_escape_string, htmlemenities, etc., etc. and still can not get the damn apostrophe to show up in my form field, or when extracting it via a mysql select. My eyes are bloodshot reading the millions of posts by other users with the same problem. Is there actually a way to do this, or should I just put a note on my site to change your name if it has an apostrophe in it. ??? Any help is hugely appreciated, but note that I have tried hundreds of fixes that obviously have not solved the problem. Thanks B. Quote Link to comment Share on other sites More sharing options...
Mchl Posted March 25, 2009 Share Posted March 25, 2009 Show us the code you have now. Quote Link to comment Share on other sites More sharing options...
br0ken Posted March 25, 2009 Share Posted March 25, 2009 You could try this... Before you insert the apostrophe into the database, use str_replace to change all apostrophe's to something else like <apos> or [apos] or something else that won't be used in normal text. When extracting information from the database use str_replace to replace the placeholder for an apostrophe. Would that work? Quote Link to comment Share on other sites More sharing options...
Mchl Posted March 26, 2009 Share Posted March 26, 2009 It would, but why bother. There are simpler ways. Basically using mysql_real_escape_string() before inserting data to database is enough. One thing to check is if magic_quotes are enabled though. Quote Link to comment Share on other sites More sharing options...
a-scripts.com Posted March 26, 2009 Share Posted March 26, 2009 basically when you are saving string with aphostrophes to db use mysql_real_escape_string() to escape it .. in fact you should use the function for any value you are saving to db but first make sure that magic_quotes are off. If it is not then use stripslashes() first. Then when reading from db you have to call stripslashes() to remove escaping. Finally if you want to show it correctly inside text field or plain html use htmlentities(). If you want to show in textarea then do not use htmlentities() Quote Link to comment Share on other sites More sharing options...
Mchl Posted March 26, 2009 Share Posted March 26, 2009 Then when reading from db you have to call stripslashes() to remove escaping. No need for this step. Quote Link to comment Share on other sites More sharing options...
a-scripts.com Posted March 26, 2009 Share Posted March 26, 2009 Then when reading from db you have to call stripslashes() to remove escaping. No need for this step. well, if you wanted to display the string without removing escaping would not you get something like "No I wouldn\'t ... " ? Quote Link to comment Share on other sites More sharing options...
Mchl Posted March 26, 2009 Share Posted March 26, 2009 Except that when using mysql_real_escape_string, the slashes are not stored into database, so there's nothing to remove. Do me a favour and run this code <?php $mysqli = new mysqli("localhost","root","root","test"); $string = "O'Reilly"; $query = "CREATE TABLE tab1 (stringColumn VARCHAR(30) NOT NULL)"; $mysqli->query($query); $stringEscaped = $mysqli->real_escape_string($string); $query = "INSERT INTO tab1 (stringColumn) VALUES ('$stringEscaped')"; $mysqli->query($query); $query = "SELECT * FROM tab1"; $result = $mysqli->query($query); while ($row = $result->fetch_assoc()) { echo $row['stringColumn']; } $query = "DROP TABLE tab1"; $mysqli->query($query); ?> the assumption is, that magic_quotes are disabled here oc Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.