PHP and '


Goatman

I am creating (or trying) an online database of goats info. The problem I have is that some of the animal names contain '. While a name with the ' is displayed fine, when I try to insert the record into the table (MySQL), the query fails. If I work directly with MySQL, I can add a record with a ' as part of the value for a field.

What am I missing?

Thanks
Dave

Try editing your query to use STR_REPLACE to insert a backslash before the '

[code]
str_replace("'", "\'", $_POST['GOATINFO']);
[/code]
Obviously change the $_POST value to the actual form value.

Edit, if that doesn't work, use

[code]addslashes($_POST['GOATINFO']);[/code]

Can use [code=php:0]mysql_real_escape_string()[/code] or for those running older than PHP 4.3.*?? [code=php:0]mysql_escape_string()[/code]

I've been switching to that instead of using str_replace() so that I can catch other odd escape characters in mysql queries.

Well, try something like MDB2. Use its escape, prepare and execute methods. It will do all the required changes for you. And you won't need to worry about injection attacks.

By the way, never use the str_replace() function to protect your code from SQL injection. Instead of putting a single quote, they can also try to add its Unicode equivalent, which str_replace will miss (as I remember) but MySQL won't. Also, there are some other special characters in the SQL syntax, like #, which mutes your code. To protect from them, use mysql_real_escape_string or something like mysqli if you use PHP 5 or higher.
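The prepare/execute approach recommended in the last reply, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the poster's MySQL server, and a hypothetical `goats` table with a `name` column; the sample names are constructed.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so the script runs
// offline. For MySQL only the DSN changes, for example
//   new PDO('mysql:host=localhost;dbname=goats;charset=utf8mb4', $user, $pass)
// and PDO::ATTR_EMULATE_PREPARES can be set to false for server-side prepares.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Hypothetical table for the goat records.
$pdo->exec('CREATE TABLE goats (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Constructed sample input, standing in for $_POST['GOATINFO'].
$names = [
    "Daisy's Pride",
    "O'Malley",
    "Pepper' # not a comment",   // quote plus MySQL's # comment marker
];

// The statement text is fixed. Each name is sent as a bound parameter, so a
// quote or # inside it is never parsed as SQL and no manual escaping with
// str_replace() or addslashes() is needed.
$insert = $pdo->prepare('INSERT INTO goats (name) VALUES (:name)');
foreach ($names as $name) {
    $insert->execute([':name' => $name]);
}

// Look each record up again, also through a bound parameter, and confirm
// the stored value is byte-for-byte what was submitted.
$select = $pdo->prepare('SELECT id, name FROM goats WHERE name = :name');
foreach ($names as $name) {
    $select->execute([':name' => $name]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    $status = ($row !== false && $row['name'] === $name) ? 'ok' : 'MISMATCH';
    printf("%d: %s [%s]\n", $row['id'] ?? 0, $row['name'] ?? '(missing)', $status);
}

// All three rows are present and the table is intact.
$count = (int) $pdo->query('SELECT COUNT(*) FROM goats')->fetchColumn();
echo "rows stored: $count\n";
```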
