Jump to content


Photo

Problem with Apostrophe in textbox


  • Please log in to reply
2 replies to this topic

#1 prashanth.crs

prashanth.crs
  • New Members
  • Pip
  • Newbie
  • 1 posts

Posted 22 September 2006 - 09:38 PM

Hi
I have a script which basically inserts into MySql database using PHP scirpt the valuess tored in textoxes.
the problem comes when someone has entered an apostrohe -'- in the text box...then it always returns an error saying i cannot enter...

heres the script error...WHEN I ENTER ' IN ANY OF THE FIELDS

Error: Unable to perform update: UPDATE agencies SET date_last_updated = '2006-09-22 16:24:29',agency_name = 'testing99',program_name = 'testing99',address_one = 'testing99'',address_two = 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax = '',web = 'testing99',email = 'testing99',hoursoperation = 'testing99' WHERE aid = '221'; :You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing99',city = 'testing99',state = '',zip = '',phone = '',fax


#2 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 25 September 2006 - 03:10 AM

Sounds like you need to escape your quotes.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#3 nickholt1972

nickholt1972
  • Members
  • PipPipPip
  • Advanced Member
  • 30 posts
  • LocationBury, Lancs, UK

Posted 25 September 2006 - 11:56 AM

you've got a php script which may look like this

$insertdata = mysql_query ("INSERT INTO database SET
field1='field1'")

where field1 is the text box entry


if someone enters I AM PHP CRAZY, it will be return the code as

$insertdata = mysql_query ("INSERT INTO database SET
field1='I AM PHP CRAZY'")

but if they entered I'M PHP CRAZY, it would return the code as

$insertdata = mysql_query ("INSERT INTO database SET
field1='I'M PHP CRAZY'")

You've got an additional unwanted ' in there so the I would be what PHP understood to be entered into the database and the M PHP CRAZY' would cause an error.

Have a look on the PHP help board for more details if this solution doesn't work..

slap this bit of code into the top of your php file:

if (!get_magic_quotes_gpc()) {
$_GET = array_map('addslashes', $_GET);
$_POST = array_map('addslashes', $_POST);
$_COOKIE = array_map('addslashes', $_COOKIE);
$_REQUEST = array_map('addslashes', $_REQUEST);
}

what PHP will do then is to put a \ in front of your ' as its stored in your database. This means that PHP will ignore whatever comes immediately after a \ so it should work then.

I hope that works for you.
Nick

Nick Holt - Future Guru




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users