Jump to content

Archived

This topic is now archived and is closed to further replies.

prashanth.crs

Problem with Apostrophe in textbox

Recommended Posts

Hi
I have a script which basically inserts into MySql database using PHP scirpt the valuess tored in textoxes.
the problem comes when someone has entered an apostrohe -'- in the text box...then it always returns an error saying i cannot enter...

heres the script error...WHEN I ENTER ' IN ANY OF THE FIELDS

Error: Unable to perform update: UPDATE agencies SET date_last_updated = '2006-09-22 16:24:29',agency_name = 'testing99',program_name = 'testing99',address_one = 'testing99'',address_two = 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax = '',web = 'testing99',email = 'testing99',hoursoperation = 'testing99' WHERE aid = '221'; :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax

Share this post


Link to post
Share on other sites
Sounds like you need to escape your quotes.

Share this post


Link to post
Share on other sites
you've got a php script which may look like this

$insertdata = mysql_query ("INSERT INTO database SET
field1='field1'")

where field1 is the text box entry


if someone enters I AM PHP CRAZY, it will be return the code as

$insertdata = mysql_query ("INSERT INTO database SET
field1='I AM PHP CRAZY'")

but if they entered I'M PHP CRAZY, it would return the code as

$insertdata = mysql_query ("INSERT INTO database SET
field1='I'M PHP CRAZY'")

You've got an additional unwanted [b]'[/b] in there so the [b]I[/b] would be what PHP understood to be entered into the database and the [b]M PHP CRAZY'[/b] would cause an error.

Have a look on the PHP help board for more details if this solution doesn't work..

slap this bit of code into the top of your php file:

if (!get_magic_quotes_gpc()) {
$_GET = array_map('addslashes', $_GET);
$_POST = array_map('addslashes', $_POST);
$_COOKIE = array_map('addslashes', $_COOKIE);
$_REQUEST = array_map('addslashes', $_REQUEST);
}

what PHP will do then is to put a [b]\[/b] in front of your [b]'[/b] as its stored in your database. This means that PHP will ignore whatever comes immediately after a [b]\[/b] so it should work then.

I hope that works for you.
Nick

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.