
I have a paragraph in a text in my data table column with apostrophes and heights, like, "He'll likely grow beyond 6'6"."

 

I've tried addslashes($update), but it's not working.  (At another time I thought I had something like that.)

Is there something that will take care of it short of typing \ before every instance I use quotes, then using stripslash?


What am I replacing though?  

I searched a good amount on this topic, as addslash wasn't working.  Adding \ to the text then stripping it looks to be a workaround.  I just thought there was a better way without forcing those doing the inputting to the table to add them.  It's not very native.  

 

str_replace("'","'",$update) - didn't work.  Neither did...

str_replace("'","\'",$update)

Edited by Jim R

Turns out part of the problem was using an iPad to enter that specific data to the table.  Not sure why there is a difference in using ' and " on an iPad vs. a Mac, but there is.  So I changed out all the single and double quotes (very early in this process, so it's not too big of an issue at the moment), then added this line...

 

$update = mysqli_real_escape_string($con,$row['review']);
 

Then stripslash($update) when I needed output. 

PMFJI, but I ran a simple test

Text entered in form

[image: jimr1.PNG]

Text then stored in db table, retrieved then echoed to page

[image: jimr2.PNG]

No escaping, adding or stripping slashes required. Just use a prepared statement. EG

<?php
include 'db_inc.php';
$db = pdoConnect('timeclock');

$db->exec("DROP TABLE IF EXISTS test_jimr");
$db->exec("CREATE TABLE IF NOT EXISTS test_jimr ( quotation varchar(50) )");
$txt = '';


if ($_SERVER['REQUEST_METHOD']=='POST') {
    
    $res = $db->prepare("INSERT INTO test_jimr VALUES (?)");
    $res->execute( [ $_POST['quote'] ] );
    
    // retrieve it and display it
    
    $res = $db->query("SELECT quotation 
                       FROM test_jimr
                       LIMIT 1 
                      ");
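    // escape on output so quotes and any markup in the stored text are shown as text
    $txt = "<p>" . htmlspecialchars((string) $res->fetchColumn(), ENT_QUOTES, 'UTF-8') . "</p>\n";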
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-language" content="en">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Example</title>
</head>
<body>
<h1>Example</h1>
<form method="post">
    Text: <input type="text" name="quote" size="40" value="">
    <input type="submit" name="btnSum" value="Submit">
</form>
<br>
<hr>
<br>
         <?=$txt?>
</body>
</html>

 

Edited by Barand
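
The round trip discussed in this thread, as an added example that is not part of any post above: values go in through a bound parameter, come back byte-for-byte unchanged, and are escaped only when written into HTML. It assumes the pdo_sqlite extension so it can run against an in-memory database; the table name, helper names and all sample strings except the first are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite so it runs stand-alone.
// Table name, helper names and sample strings are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE review_demo (id INTEGER PRIMARY KEY, review TEXT)');

$samples = [
    'He\'ll likely grow beyond 6\'6".',                    // straight quotes, from the question
    "He\u{2019}ll likely grow beyond 6\u{2019}6\u{201D}.", // typographic quotes (constructed)
    'Notes saved in C:\temp\new "draft"',                  // legitimate backslashes (constructed)
    "<b>6'6\"</b> & rising",                               // HTML metacharacters (constructed)
];

$insert = $db->prepare('INSERT INTO review_demo (review) VALUES (?)');
$select = $db->prepare('SELECT review FROM review_demo WHERE id = ?');

/** Store a value through a bound parameter and read it back. */
function roundTrip(PDO $db, PDOStatement $insert, PDOStatement $select, string $text): string
{
    $insert->execute([$text]);
    $select->execute([$db->lastInsertId()]);
    $stored = (string) $select->fetchColumn();
    $select->closeCursor();
    return $stored;
}

/** Escape for an HTML body or quoted attribute, at output time only. */
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($samples as $text) {
    $stored = roundTrip($db, $insert, $select, $text);
    printf("stored unchanged: %s\n", $stored === $text ? 'yes' : 'NO');
    printf("  html output   : %s\n", e($stored));
    // stripslashes() on data that was never slash-escaped removes real backslashes.
    if (stripslashes($stored) !== $stored) {
        printf("  stripslashes would corrupt it to: %s\n", stripslashes($stored));
    }
}
```

Only the third sample triggers the last branch: the bound parameter stored its backslashes as data, so stripping slashes on output would alter the text rather than undo any escaping.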