php_begins Posted October 14, 2011 Share Posted October 14, 2011 how do i handle single quotes in sql query " SELECT name from phrase WHERE name='$stitle' "; this returns an error because the name contains single quotes like this: Johnson's. Link to comment https://forums.phpfreaks.com/topic/249145-handle-single-quotes-in-select-statement/ Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 mysql_real_escape_string() Link to comment https://forums.phpfreaks.com/topic/249145-handle-single-quotes-in-select-statement/#findComment-1279450 Share on other sites More sharing options...
php_begins Posted October 14, 2011 Author Share Posted October 14, 2011 do i have to reconvert them to something before displaying? Link to comment https://forums.phpfreaks.com/topic/249145-handle-single-quotes-in-select-statement/#findComment-1279451 Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 maybe, but that has nothing to do with using mysql_real_escape_string(). The function mysql_real_escape_string() will simply escape input to make it safe for a DB query. But, the stored value is not the escaped value. So if you have the value "O'Reilly" and want to insert it into the database. mysql_real_escape_string() will convert that to "O\'Reilly". But, the "\" just tells the MySQL engine to treat the apostrophe as a literal value and not a delimiter - so the DB treats it as the string "O'Reilly" and that is what would be stored in the database. Now, when you go to display that in an HTML page you will execute a query and get the value, which will be "O'Reilly". But, depending on how you plan to use the value you may need to do a transformation. For example, if you plan to use the value to populate a text inut field you will need to run it though htlmspecialcharacters() or htmlentities() - otherwise it could corrupt your HTML code This would not be good: <input type='text' name='last_name' value='O'Reilly'> Link to comment https://forums.phpfreaks.com/topic/249145-handle-single-quotes-in-select-statement/#findComment-1279463 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.