
Single Quote and Special Character Question...


overlordofevil


Hey all,

I have a question and it's probably a really simple thing to figure out, but I am drawing a blank on how to do it.

Basically I am trying to use single quotes or special characters when inputting data into my db, but I have errors that come up.

With the single quotes, if I put in a name like de'salla or I use it in a contraction like it's, her's etc. it will store in my db, but when I try to use the data in another string or query I always get an error with PHP where it breaks on the single quote and won't continue to process the request.

So I have 2 variables

$name = "De'salla";

$reason = "Update for user $name";

When I go to insert the value Reason the query will error out because the $name value has a single quote in it.

This is the basic issue and I know you might need more info, but I am wondering: is there a PHP function out there that I can use to correct this issue?

Thanks

Bill


Any strings you input into a database need to be escaped, meaning quotes and special characters get formatted to db-friendly values (i.e. " or ' goes to \" and \'). This is so:

- your code doesn't break

- people don't try to inject into your database (search form injection for an example).

Here is what I do for all my queries:

// one %s placeholder for each escaped value
$sql = sprintf("INSERT INTO table (string_a,string_b) VALUES ('%s','%s')", mysql_real_escape_string($string), mysql_real_escape_string($string));

Use sprintf to insert strings, ints, decimals etc. into your SQL string. Use mysql_real_escape_string on strings to escape any special characters.


Cool, sounds simple enough. :)

So with the characters being escaped to make them db friendly, if I do a query to call the same values and echo them on the screen, will they display correctly or will I have the backslash in it?

I appreciate you guys explaining this to me, I just got confused on it. :)

Thanks again

Bill


Thank you both for the feedback and help.

I used the code example to help modify my code and it made things work with no issues.

Just one other question: do special characters like & or % get taken care of by this function, or is there another one I need to use?

Thanks

Bill
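
Added example (not part of the original posts): the questions in this thread, worked through with PDO prepared statements against an in-memory SQLite database instead of mysql_real_escape_string, which belongs to the mysql extension removed in PHP 7.0. It shows a quoted name stored and read back unchanged, % and _ escaped for a literal LIKE search, and & encoded only at output time. The table, column and function names (audit_log, name, reason, likeLiteral) are assumptions for illustration, and the pdo_sqlite extension is assumed to be loaded.

```php
<?php
// Added example: hypothetical table/column names, constructed sample input.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE audit_log (name TEXT, reason TEXT)');

// Constructed values: a quote, LIKE wildcards and HTML-special characters.
$names = ["De'salla", "100% <b>Tom & Jerry</b>", "under_score"];

// 1. Bound parameters travel separately from the SQL text, so a quote in
//    the value cannot end the string literal or change the statement.
$insert = $pdo->prepare(
    'INSERT INTO audit_log (name, reason) VALUES (:name, :reason)'
);
foreach ($names as $name) {
    $insert->execute([':name' => $name, ':reason' => "Update for user $name"]);
}

// 2. Values come back exactly as entered: there are no backslashes to strip.
$stored = $pdo->query('SELECT name FROM audit_log ORDER BY rowid')
              ->fetchAll(PDO::FETCH_COLUMN);
echo $stored === $names ? "round-trip intact\n" : "round-trip altered\n";

// 3. % and _ are LIKE wildcards. Neither binding nor quote-escaping
//    neutralises them, so escape them explicitly for a literal search.
function likeLiteral(string $term): string
{
    return strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

$search = $pdo->prepare(
    "SELECT name FROM audit_log WHERE name LIKE :pat ESCAPE '\\'"
);
$search->execute([':pat' => '%' . likeLiteral('%') . '%']);
echo 'contains a literal %: ',
     implode(', ', $search->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;

// 4. & < > " ' only matter when the value is echoed into HTML, so encode
//    at output time rather than before storing.
foreach ($stored as $name) {
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```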
