This topic is now archived and is closed to further replies.

Goatman

PHP and '


I am creating (or trying) an online database of goats info. The problem I have is that some of the animal names contain '. While a name with the ' is displayed fine, when I try to insert the record into the table (MySQL), the query fails. If I work directly with MySQL, I can add a record with a ' as part of the value for a field.

What am I missing?

Thanks
Dave

Try editing your query to use str_replace() to insert a backslash before the '.

[code]
str_replace("'", "\'", $_POST['GOATINFO']);
[/code]
Obviously change the $_POST value to the actual form value.

Edit: if that doesn't work, use

[code]addslashes($_POST['GOATINFO']);[/code]

Can use [code=php:0]mysql_real_escape_string()[/code] or, for those running older than PHP 4.3.*??, [code=php:0]mysql_escape_string()[/code]

I've been switching to that instead of using str_replace() so that I can catch other odd escape characters in mysql queries.

Thanks for both of your suggestions. I will try them all and see how they work and learn. :D

Well, try something like MDB2. Use its escape, prepare and execute methods. It will do all the required changes for you, and you won't need to worry about injection attacks.

By the way, never use the str_replace() function to protect your code from SQL injection. Instead of putting a single quote, they can also try to add its Unicode equivalent, which str_replace will miss (as I remember) but MySQL won't. Also, there are some other special characters in the SQL syntax, like #, which mutes your code. To protect from them, use mysql_real_escape_string, or something like mysqli if you use PHP 5 or higher.

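The prepare/execute approach recommended in the last post, as an added example that is not part of the original thread. It uses PDO rather than MDB2 or mysqli, with an in-memory SQLite database standing in for MySQL so it runs without a server; the goats table, its name column and the sample names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs without a server (assumption); the table and
// column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE goats (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample input, standing in for $_POST['GOATINFO'].
$names = ["Daisy", "O'Malley's Pride", "Billy' # kid"];

// 1) String concatenation: the quote inside the value ends the SQL literal
//    early, so the statement no longer parses. This is the failure from the
//    first post.
function insertConcatenated(PDO $db, string $name): bool
{
    try {
        $db->exec("INSERT INTO goats (name) VALUES ('" . $name . "')");
        return true;
    } catch (PDOException $e) {
        return false;
    }
}

// 2) Prepared statement: the SQL text is fixed and the value travels
//    separately as a bound parameter, so no character in it is ever parsed
//    as SQL and no manual escaping is needed.
function insertPrepared(PDO $db, string $name): bool
{
    $stmt = $db->prepare('INSERT INTO goats (name) VALUES (:name)');
    return $stmt->execute([':name' => $name]);
}

foreach ($names as $name) {
    $ok = insertConcatenated($db, $name);
    printf("concatenated %-20s %s\n", var_export($name, true), $ok ? 'ok' : 'FAILED');
}
$db->exec('DELETE FROM goats'); // start clean for the prepared run

foreach ($names as $name) {
    insertPrepared($db, $name);
}
// Read the rows back and compare them with what was submitted.
$stored = $db->query('SELECT name FROM goats ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
var_dump($stored === $names);
```

With a MySQL server, only the DSN passed to the PDO constructor changes; the prepare and execute calls stay the same.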
