Quote within a quote

[GrayFox12]

Hi guys,

 

Got a problem with selecting, adding updation and deleting from my database using php with a specific record which has a quote in it....

 

"Invercargill City Council - EIL In'gill"

 

Now when i select it or try add it etc it comes up with "Line 1: Incorrect syntax near 'gill'."

 

When i display what its actually trying to select it has escape characters

 

"Invercargill City Council - EIL In\\\'gill"

 

i think its getting confused with this quote, how do i check if the string is like the one above and then change it it to the right value. what is syntax?  is it somethin like...

 

"Invercargill City Council - EIL In\'gill"

 

please help!

 

 

And no i cant change the value of the record inside the database.

[cooldude832]

http://us2.php.net/manual/en/function.stripslashes.php

 

I'll elaborate.  Certain characters like Quotes, $, @, * etc are special characters that have functions/operations in php thus they are escaped with a slash before.  You just need to mind em in/out of the database and you'll be find.

[darkfreaks]

<?php

$string=stripslashes($_POST[string]);?>

[markjoe]

I am wondering why it got 3 slashes. I am not sure if the replies addressed this fully or not.

When inserting, you want to use mysql_real_escape_string() (assuming you're using MySQL).

When displaying (after a select), use stripslashes().

I do not use magic_quotes, and do not ever plan to (so, I do not know all the details of it).

However, if yours is on, you should to read this:

http://us2.php.net/magic_quotes

 

Hopefully one of us hit it.

 

If you are having further trouble, post the relevent code.

[darkfreaks]

yeah you should really use

 

<?php
$string=mysql_real_escape_string(stripslashes($_POST[string]));?>

[GrayFox12]

TRied that strip slashes returns the right value but i still get that error

[darkfreaks]

try the code i just pasted and then tell me what you get

[cooldude832]

what error? strip slashes will only remove 1 slash before a special operator, not the \\\\\" that will return \\\" you might need to recreate the db value without the reslashing.

[GrayFox12]

$val = stripslashes($_GET['val']);

$v = stripslashes($val);

 

I had to use stripslashes twice to get rid of all the slashes.  When i echo $v it has the right value.  But i still get that same error

[cooldude832]

Is this a field that gets updated,  Odds are you inputted it once normal, then you tried editing off a form and the output had slashes thus you got this down river affect of slashes.  Just recreate the DB entry and see how it looks.  Also as said check magic quotes

[GrayFox12]

im using mssql.  do i have to turn magic quotes off or something.  I havent got one to updating yet, what im doing at the moment is selecting the value from a combo box which submits the for i then take that value and reload my form with the query based on that value.

 

$opt = $_GET['option'];

$val = stripslashes($_GET['val']);

$v = stripslashes($val);

 

echo $v;

if ($opt == 'l') {

 

 

$query = "SELECT * FROM X_LightOwner WHERE [Light Owner] = '$v'";

}

else {

$query = "SELECT * FROM X_LightOwner";

}

 

 

Every other option works except for this specific 1