wtp Posted April 14, 2009 Share Posted April 14, 2009 hi all, is it possible that insert the single quote character into MySQL? regards stephen Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/ Share on other sites More sharing options...
Mchl Posted April 14, 2009 Share Posted April 14, 2009 Yes there is mysql_real_escape_string Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809345 Share on other sites More sharing options...
wtp Posted April 14, 2009 Author Share Posted April 14, 2009 it will have slash before the single quote right? it not very nice look. can remove the slash? Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809349 Share on other sites More sharing options...
Mchl Posted April 14, 2009 Share Posted April 14, 2009 The slash is only there to tell MySQL, that there's a special character right after it. When the data is inserted into MySQL, the slash is no longer there. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809353 Share on other sites More sharing options...
wtp Posted April 14, 2009 Author Share Posted April 14, 2009 The slash is only there to tell MySQL, that there's a special character right after it. When the data is inserted into MySQL, the slash is no longer there. i got a problem here. user insert single quote character into database ( now can insert into database). when retrieve the data (i can retrieve data from database). then i have to post the single quote character to URL, so that i can retrieve rest of the information from database. so can i post single quote character to URL using php? or using others way to do it? Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809359 Share on other sites More sharing options...
Mchl Posted April 14, 2009 Share Posted April 14, 2009 Please explain. Perhaps you could show us some code concerning the problem... Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809369 Share on other sites More sharing options...
wtp Posted April 14, 2009 Author Share Posted April 14, 2009 below code is to display the contain from database and for user to select which activity want to edit and post it to URL. $sql="select * from activity"; $query=mysql_query($sql); while($menu=mysql_fetch_array($query)){ $t = mysql_real_escape_string($menu['a_title']); $t = stripslashes($t); echo "<option value='$t'>$t</option>"; } below is to get the information from URL to display rest of infomation from database. if($_GET['choose'] != NULL){ $choose=$_GET['choose']; $s="select * from activity where a_title= '$choose'"; $q=mysql_query($s) or die (mysql_error()); $r=mysql_fetch_array($q); $date1=mysql_real_escape_string($r['a_date']); $title1=stripslashes($r['a_title']); $desc1=stripslashes($r['a_desc']); } Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809380 Share on other sites More sharing options...
trq Posted April 14, 2009 Share Posted April 14, 2009 You escape data on the way into the database, not out of the database. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809381 Share on other sites More sharing options...
wtp Posted April 14, 2009 Author Share Posted April 14, 2009 You escape data on the way into the database, not out of the database. you means the first code or second code? sorry, im newbie. ( Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809394 Share on other sites More sharing options...
trq Posted April 14, 2009 Share Posted April 14, 2009 you means the first code or second code? Considering there both using SELECT queries to retrieve information from a database, neither. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809541 Share on other sites More sharing options...
Mchl Posted April 14, 2009 Share Posted April 14, 2009 you means the first code or second code? Considering there both using SELECT queries to retrieve information from a database, neither. Actually, int the second piece of code $choose variable should go through mysql_real_escape_string to avoid possible SQL injection. Variables retrieved from query need not be passed through this function. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-809564 Share on other sites More sharing options...
wtp Posted April 16, 2009 Author Share Posted April 16, 2009 is it below what you means? $sql="select * from activity"; $query=mysql_query($sql); while($menu=mysql_fetch_array($query)){ $t = $menu['a_title']; echo "<option value='$t'>$t</option>"; } if($_POST['choose'] != NULL){ $choose=mysql_real_escape_string($_POST['choose']); $s="select * from activity where a_title= '$choose'"; $q=mysql_query($s) or die (mysql_error()); $r=mysql_fetch_array($q); $date1=$r['a_date']; $title1=stripslashes($r['a_title']); $desc1=stripslashes($r['a_desc']); } Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-811083 Share on other sites More sharing options...
wtp Posted April 16, 2009 Author Share Posted April 16, 2009 my problem is a_title containing single quote from database eg: ab'cde when come to second code, i echo $_POST['choose'] , it only show ab. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-811086 Share on other sites More sharing options...
mandred Posted April 16, 2009 Share Posted April 16, 2009 Escape every single variable then. Link to comment https://forums.phpfreaks.com/topic/153976-insert-single-quote-problem/#findComment-811370 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.