Call-911 Posted January 21, 2011 Share Posted January 21, 2011 Hello all. I have a textarea on a form that users are posting new's stories into. Most are just copy/pasteing from Word, and they need to be able to include single quotes. (ie: John's favorite store is Micky's) I can't figure out how to make the single quotes (') into double quotes ('') so MSSQL will insert them in. Any help? Here's my process code: <?php $title = $_POST['title']; $district = $_POST['district']; $central = $_POST['central']; $east = $_POST['east']; $north = $_POST['north']; $west = $_POST['west']; $story = $_POST['story']; $date = date("l, M j, Y"); $sqlpicturename = "$picturename.jpg"; $showpicture = $_POST['showpicture']; //declare the SQL statement that will query the database $query = " INSERT INTO News (district, central, east, north, west, date, title, story, picture, showpicture, show) Values ('$district' , '$central', '$east' , '$north', '$west' , '$date', '$title' , '$story', '$sqlpicturename' , '$showpicture' , 'true') "; //execute the SQL query and return records $result = mssql_query($query); //display the results echo "Thank You For Posting Your Story:<b> $title </b><br /><br /><a href='addstory.php'>Click Here To Add Another Story</a><br /><br /><a href='index.php'>Click Here To Go Back To The WebEdit Menu</a>"; echo "<br /><br />"; mssql_close(); ?> Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/ Share on other sites More sharing options...
Valakai Posted January 21, 2011 Share Posted January 21, 2011 Wrap your variables with addslashes(), which will escape the quotes and allow MSSQL to store them. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163060 Share on other sites More sharing options...
Pikachu2000 Posted January 21, 2011 Share Posted January 21, 2011 Single quotes aren't escaped with a slash in MSSQL, they're escaped with another single quote. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163065 Share on other sites More sharing options...
Valakai Posted January 21, 2011 Share Posted January 21, 2011 Whoops thats MySQL. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163068 Share on other sites More sharing options...
Call-911 Posted January 21, 2011 Author Share Posted January 21, 2011 So what do I do? Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163069 Share on other sites More sharing options...
Pikachu2000 Posted January 21, 2011 Share Posted January 21, 2011 You still wouldn't use addslashes(), you'd use mysql_real_escape_string()/mysqli_real_escape_string(). Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163070 Share on other sites More sharing options...
Call-911 Posted January 21, 2011 Author Share Posted January 21, 2011 Except this is MS SQL, not mySQL :-) Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163071 Share on other sites More sharing options...
Valakai Posted January 21, 2011 Share Posted January 21, 2011 Well one solution would be to use str_replace like this $text = str_replace('\'', '\'\'', $text) Though I doubt that would be a foolproof solution. -- Gah, need to sleep soon, making too many mistakes. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163072 Share on other sites More sharing options...
Pikachu2000 Posted January 21, 2011 Share Posted January 21, 2011 Except this is MS SQL, not mySQL :-) We posted at the same time. The post re: using mysql_real_escape_string() was to dispel any confusion about addslashes. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163079 Share on other sites More sharing options...
Call-911 Posted January 21, 2011 Author Share Posted January 21, 2011 Well one solution would be to use str_replace like this $text = str_replace('\'', '\'\'', $text) Though I doubt that would be a foolproof solution. -- Gah, need to sleep soon, making too many mistakes. THAT WAS IT! :-) Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163083 Share on other sites More sharing options...
Pikachu2000 Posted January 21, 2011 Share Posted January 21, 2011 Since single quotes are escaped with another single quote, not escaped with slashes, or changed to a double quote, you can use str_replace to handle it. You should make sure magic_quotes_gpc() is off, or at least test for it, and if it's on run the data through stripslashes(). This can be wrapped into a function, if you want. $data = "That isn't Dave's beach ball, it's Joe's."; // Test string if( get_magic_quotes_gpc() ) { $esc_data = str_replace("'", "''", stripslashes($data)); } else { $esc_data = str_replace("'", "''", $data); } echo "<br>Before: $data<br>After: $esc_data"; // Demo results. Link to comment https://forums.phpfreaks.com/topic/225196-insert-single-quotes-from-text-area/#findComment-1163086 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.