handle single quotes in select statement

[php_begins]

how do i handle single quotes in sql query

 

" SELECT name from phrase WHERE name='$stitle' ";

this returns an error because the name contains single quotes like this:

Johnson's.

[Psycho]

mysql_real_escape_string()

[php_begins]

do i have to reconvert them to something before displaying?

[Psycho]

maybe, but that has nothing to do with using mysql_real_escape_string().

 

The function mysql_real_escape_string() will simply escape input to make it safe for a DB query. But, the stored value is not the escaped value. So if you have the value "O'Reilly" and want to insert it into the database. mysql_real_escape_string() will convert that to "O\'Reilly". But, the "\" just tells the MySQL engine to treat the apostrophe as a literal value and not a delimiter - so the DB treats it as the string "O'Reilly" and that is what would be stored in the database.

 

Now, when you go to display that in an HTML page you will execute a query and get the value, which will be "O'Reilly". But, depending on how you plan to use the value you may need to do a transformation. For example, if you plan to use the value to populate a text inut field you will need to run it though htlmspecialcharacters() or htmlentities() - otherwise it could corrupt your HTML code

 

This would not be good:

<input type='text' name='last_name' value='O'Reilly'>