billy_111 Posted June 16, 2010 Share Posted June 16, 2010 Hey, I have the following update statement: public function updateReviews(){ if(is_numeric($_POST['ID'])){ $body = mysql_real_escape_string($_POST['body']); $body = str_replace(''', '', $body); $address = mysql_real_escape_string($_POST['address']); $other = mysql_real_escape_string($_POST['other']); $admission = mysql_real_escape_string(htmlentities($_POST['admission'])); $sql = "UPDATE tbl_reviews SET catID = '".mysql_real_escape_string($_POST['catID'])."', title = '".mysql_real_escape_string($_POST['title'])."', body = '$body', address = '$address', postcode = '".mysql_real_escape_string($_POST['postcode'])."', tel = '".mysql_real_escape_string($_POST['tel'])."', website = '".mysql_real_escape_string($_POST['website'])."', admission = '$admission', other = '$other', date_added = now() WHERE ID = ".$_POST['ID'].""; print_r(mysql_error()); $result = mysql_query($sql) or die(mysql_error()); return $result; }else{ die('ID needs to be numeric'); } } When i run this this line does not really work: $body = str_replace(''', '', $body); If you look at this page: http://freemanholland.com/babies/reviews/?ID=9 And look at the "Smithills Country Park" review, you will see that where there should be an apostrophe it shows the word like this: you\\\'re Any ideas why this is? Thanks Quote Link to comment Share on other sites More sharing options...
F1Fan Posted June 16, 2010 Share Posted June 16, 2010 What exactly are you trying to do? The reason you're getting \\\' is because you're escaping it, and I assume that it has already been escaped, so it's being double-escaped. Also, this line needs to be this way, if that's what you want: $body = str_replace("'", '', $body); or $body = str_replace('\'', '', $body); Quote Link to comment Share on other sites More sharing options...
shadiadiph Posted June 16, 2010 Share Posted June 16, 2010 yes that's right but i use this to replace all apostrophies saves them as ' in the database $quote1="'"; $body= str_replace($quote1,"'",$body); Quote Link to comment Share on other sites More sharing options...
F1Fan Posted June 16, 2010 Share Posted June 16, 2010 I don't understand why you're replacing ' and doing an escape string? Just do the escape, and you're done. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.