Jump to content

apostrophe issues


galvin

Recommended Posts

I have insert code like this...

$sql="INSERT into players (lastname, firstname) VALUES ('" . mysql_prep($_POST['lastname']) . "', '" . mysql_prep($_POST['firstname']) . "')"; 

 

If I have first name like "Da'Rel", the insert goes through, but it only puts "Da" in the firstname field. 

 

Here is my mysql_prep code...

 

	function mysql_prep($value) {
	$magic_quotes_active = get_magic_quotes_gpc();
	$new_enough_php = function_exists("mysql_real_escape_string") ; //i.e. PHP >= v4.3.0
	if($new_enough_php) { //PHP v4.3.0 or higher
		//undo any magic quote effects so mysql_real_escape_string can do the work
		if($magic_quotes_active) { $value = stripslashes($value) ;}
		$value = mysql_real_escape_string($value);
	} else { //before php v4.3.0
		// if magic quotes aren;t already on then add slashes manually
		if(!magic_quotes_active) { $value = addslashes($value); }
		// if magic quotes are active, then the slashes already exist
	}
	return $value;
}

 

Any idea what I need to alter in order to let single quotes go into the field (i.e. so that the full name "Da'Rel" gets inserted")?

 

Link to comment
Share on other sites

The HTML of your form is being broken by the single-quote and/or you don't have any quotes around a value="..." attribute in your form. What is the code where is this data being submitted from and where you are displaying it after retrieving it from the database table?

Link to comment
Share on other sites

The HTML of your form is being broken by the single-quote and/or you don't have any quotes around a value="..." attribute in your form. What is the code where is this data being submitted from and where you are displaying it after retrieving it from the database table?

What did you read to come to that conclusion?

Link to comment
Share on other sites

There's nothing in the posted code that has the ability to remove characters from the data and if it was somehow terminating the data field and excluding the characters after the ', those left over bare characters would either generate an sql error or would become part of the following field's data.

 

This symptom is typical of either a form that only submits data up to the first ' character in the data or of display code that only outputs up to the first ' character in the data.

Link to comment
Share on other sites

Sorry, here is the code for the form.  now that I see it, I'm assuming the fact that I am using single quotes for the value attribute in the form is probably not good (i.e. I should use double quotes??). I'll try that now...

 

Form:

<form id="addplayer" method="post" action="insertnewplayer.php">

First Name: <input type='input' name='firstname' size='25' value='' /><br />
Last Name: <input type='input' name='lastname' size='50' value='' /><br />

<input type='submit' name='submit'  value='Submit' /><br /></form>

 

 

Link to comment
Share on other sites

Thank you PFMaBiSmAd for asking this question... "where you are displaying it after retrieving it from the database table?".  That was the problem.  The full data WAS in the database, but that displaying page was using single quotes in the value attribute so it cut it off when displaying. 

 

Ugh, I hate the double quote/single quote dilemma (at least it's a dilemma for me :) )

 

Do you suggest any general theories, like maybe "Always use double quotes even though it's annoying to have to escape them"?

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.