galvin Posted August 6, 2012 Share Posted August 6, 2012 I have insert code like this... $sql="INSERT into players (lastname, firstname) VALUES ('" . mysql_prep($_POST['lastname']) . "', '" . mysql_prep($_POST['firstname']) . "')"; If I have first name like "Da'Rel", the insert goes through, but it only puts "Da" in the firstname field. Here is my mysql_prep code... function mysql_prep($value) { $magic_quotes_active = get_magic_quotes_gpc(); $new_enough_php = function_exists("mysql_real_escape_string") ; //i.e. PHP >= v4.3.0 if($new_enough_php) { //PHP v4.3.0 or higher //undo any magic quote effects so mysql_real_escape_string can do the work if($magic_quotes_active) { $value = stripslashes($value) ;} $value = mysql_real_escape_string($value); } else { //before php v4.3.0 // if magic quotes aren;t already on then add slashes manually if(!magic_quotes_active) { $value = addslashes($value); } // if magic quotes are active, then the slashes already exist } return $value; } Any idea what I need to alter in order to let single quotes go into the field (i.e. so that the full name "Da'Rel" gets inserted")? Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/ Share on other sites More sharing options...
Jessica Posted August 6, 2012 Share Posted August 6, 2012 Read about mysqli/PDO Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367326 Share on other sites More sharing options...
PFMaBiSmAd Posted August 6, 2012 Share Posted August 6, 2012 The HTML of your form is being broken by the single-quote and/or you don't have any quotes around a value="..." attribute in your form. What is the code where is this data being submitted from and where you are displaying it after retrieving it from the database table? Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367327 Share on other sites More sharing options...
Jessica Posted August 6, 2012 Share Posted August 6, 2012 The HTML of your form is being broken by the single-quote and/or you don't have any quotes around a value="..." attribute in your form. What is the code where is this data being submitted from and where you are displaying it after retrieving it from the database table? What did you read to come to that conclusion? Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367328 Share on other sites More sharing options...
PFMaBiSmAd Posted August 6, 2012 Share Posted August 6, 2012 There's nothing in the posted code that has the ability to remove characters from the data and if it was somehow terminating the data field and excluding the characters after the ', those left over bare characters would either generate an sql error or would become part of the following field's data. This symptom is typical of either a form that only submits data up to the first ' character in the data or of display code that only outputs up to the first ' character in the data. Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367341 Share on other sites More sharing options...
galvin Posted August 6, 2012 Author Share Posted August 6, 2012 Sorry, here is the code for the form. now that I see it, I'm assuming the fact that I am using single quotes for the value attribute in the form is probably not good (i.e. I should use double quotes??). I'll try that now... Form: <form id="addplayer" method="post" action="insertnewplayer.php"> First Name: <input type='input' name='firstname' size='25' value='' /><br /> Last Name: <input type='input' name='lastname' size='50' value='' /><br /> <input type='submit' name='submit' value='Submit' /><br /></form> Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367358 Share on other sites More sharing options...
galvin Posted August 6, 2012 Author Share Posted August 6, 2012 Thank you PFMaBiSmAd for asking this question... "where you are displaying it after retrieving it from the database table?". That was the problem. The full data WAS in the database, but that displaying page was using single quotes in the value attribute so it cut it off when displaying. Ugh, I hate the double quote/single quote dilemma (at least it's a dilemma for me ) Do you suggest any general theories, like maybe "Always use double quotes even though it's annoying to have to escape them"? Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367360 Share on other sites More sharing options...
galvin Posted August 6, 2012 Author Share Posted August 6, 2012 Or is there maybe some way to "clean" the database data before displaying it so it will display regardless of whether my value attribute has single or double quotes? Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367361 Share on other sites More sharing options...
PFMaBiSmAd Posted August 7, 2012 Share Posted August 7, 2012 Content that you output on a web page that might contain HTML special characters, needs to be passed through htmlentities, right before outputting it, with the second parameter set to ENT_QUOTES, so that the special HTML characters in the content won't break the HTML on the page. Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367368 Share on other sites More sharing options...
galvin Posted August 7, 2012 Author Share Posted August 7, 2012 Beautiful, thanks for sharing your knowledge! Quote Link to comment https://forums.phpfreaks.com/topic/266745-apostrophe-issues/#findComment-1367370 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.