
insert single quote problem


wtp


The slash is only there to tell MySQL, that there's a special character right after it. When the data is inserted into MySQL, the slash is no longer there.

 

I've got a problem here.

A user inserts a single quote character into the database (it can now be inserted into the database).

Then I retrieve the data (I can retrieve the data from the database).

Then I have to post the single quote character to the URL, so that I can retrieve the rest of the information from the database. So can I post a single quote character to the URL using PHP, or is there another way to do it?

 

 

 

 

 


The code below displays the content from the database so the user can select which activity they want to edit and post it to the URL.

 

  $sql="select * from activity";
  $query=mysql_query($sql);
  while($menu=mysql_fetch_array($query)){				
    $t = mysql_real_escape_string($menu['a_title']);
    $t = stripslashes($t);
    echo "<option value='$t'>$t</option>";
  }

 

The code below gets the information from the URL to display the rest of the information from the database.

 

if($_GET['choose'] != NULL){
$choose=$_GET['choose'];
$s="select * from activity where a_title= '$choose'";
$q=mysql_query($s) or die (mysql_error());
$r=mysql_fetch_array($q);
$date1=mysql_real_escape_string($r['a_date']);
$title1=stripslashes($r['a_title']);
$desc1=stripslashes($r['a_desc']);
}


You mean the first code or the second code?

 

Considering they're both using SELECT queries to retrieve information from a database, neither.

 

Actually, in the second piece of code the $choose variable should go through mysql_real_escape_string to avoid possible SQL injection. Variables retrieved from a query need not be passed through this function.


Is the below what you mean?

 

$sql="select * from activity";
$query=mysql_query($sql);
while($menu=mysql_fetch_array($query)){				
$t = $menu['a_title'];
echo "<option value='$t'>$t</option>";
}

 

if($_POST['choose'] != NULL){
$choose=mysql_real_escape_string($_POST['choose']);
$s="select * from activity where a_title= '$choose'";
$q=mysql_query($s) or die (mysql_error());
$r=mysql_fetch_array($q);
$date1=$r['a_date'];
$title1=stripslashes($r['a_title']);
$desc1=stripslashes($r['a_desc']);
}

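Added example, not part of any post in this thread: the same select-then-look-up flow with the two places a single quote matters handled separately, HTML encoding where the title is written into the `value='...'` attribute and a bound parameter where it is used in the query. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL table (the `mysql_*` functions were removed in PHP 7); the sample rows and the helper names `h`, `renderOptions` and `findActivity` are constructed for illustration.

```php
<?php
// Added example: constructed data, hypothetical helper names.
// SQLite in memory stands in for the thread's MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE activity (a_title TEXT, a_date TEXT, a_desc TEXT)');

// Constructed sample rows; one title contains a single quote.
$ins = $pdo->prepare('INSERT INTO activity (a_title, a_date, a_desc) VALUES (?, ?, ?)');
$ins->execute(["Children's Day", '2010-06-01', 'Games & food']);
$ins->execute(['Sports Day', '2010-07-15', 'Track events']);

// Encode for HTML where the value is written into the page. ENT_QUOTES turns
// ' into &#039; so it cannot close the value='...' attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Build the <option> list from the stored titles.
function renderOptions(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT a_title FROM activity ORDER BY a_title') as $row) {
        $t = h($row['a_title']);
        $html .= "<option value='$t'>$t</option>\n";
    }
    return $html;
}

// Look up the chosen activity. The title is bound as a parameter, so a quote
// in it is data, never SQL syntax; no escaping or stripslashes() is involved.
function findActivity(PDO $pdo, string $choose): ?array
{
    $st = $pdo->prepare('SELECT a_date, a_title, a_desc FROM activity WHERE a_title = ?');
    $st->execute([$choose]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo renderOptions($pdo);

// The browser decodes &#039; back to ' before submitting the form, so the
// request parameter holds the raw title. Simulated here instead of $_GET.
$choose = "Children's Day";
$r = findActivity($pdo, $choose);
echo h($r['a_date']), ' | ', h($r['a_title']), ' | ', h($r['a_desc']), "\n";
```

A form submitted with GET percent-encodes the quote in the URL on its own; a link built by hand needs `urlencode()` on the title before it goes into the query string.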
