

<br> and '


#1 aeris130


Posted 28 April 2006 - 02:09 PM

So I have the following query:

$query = "INSERT INTO tbl1 VALUES ('','$name','$info','$phone','$various')";

The variables are being given their values by typing them in via text-fields, and later submitted by calling insert.php.

First of all, I'm curious as to how I enable myself to type 's and still be able to submit the query. I've read about add-slashes, but I couldn't grasp it completely (that is, I know that adding \\ before ' bypasses this problem, it's the function addslashes that I haven't grasped). Could someone give an example of the above mentioned query, complete with add-slashes (unless there's a better solution, that is)?

Another problem is that any linebreaks typed into the fields result in all data below the first linebreak being lost. Is there a way to convert linebreaks to HTML (I suppose <br> would suffice) upon submission?

#2 kenrbnsn


Posted 28 April 2006 - 02:41 PM

Please read this article (http://www.nyphp.org/phundamentals/storingretrieving.php) which explains the need to escape quotes (and other characters) when inserting data into a database very well.

When you want to display data to the screen, use the functions nl2br() to add the "<br />" tag before a newline character and htmlentities() to keep tags in the data from screwing up the display.


#3 wildteen88


Posted 28 April 2006 - 02:44 PM

To use addslashes you just do this:
$var = addslashes($var);

Also it's not two \\ but one.
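
The INSERT from post #1 and the display functions named in post #2, as an added example that is not from any poster in this thread. It uses PDO placeholders instead of addslashes(), with an in-memory SQLite database standing in for the real one; the column names of tbl1 and the sample values are assumptions.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for the thread's database; the column names of tbl1 are guessed from the
// variable names in the original query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl1 (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, info TEXT, phone TEXT, various TEXT)');

// Constructed sample input, as it would arrive from the text fields:
// it contains single quotes, a line break and an HTML tag.
$form = [
    'name'    => "Conan O'Brien",
    'info'    => "First line\nSecond line with 'quotes'",
    'phone'   => '555-0100',
    'various' => "<b>bold</b> & 'quoted'",
];

// Placeholders keep the data out of the SQL text, so quotes and line breaks
// need no escaping and are stored exactly as typed.
$insert = $db->prepare(
    'INSERT INTO tbl1 (name, info, phone, various)
     VALUES (:name, :info, :phone, :various)');
$insert->execute($form);

// Escape only when displaying: htmlentities() first so stored tags are shown
// as text, then nl2br() so each newline gets a <br /> in front of it.
function show(string $value): string
{
    return nl2br(htmlentities($value, ENT_QUOTES, 'UTF-8'));
}

$row = $db->query('SELECT name, info, phone, various FROM tbl1')
          ->fetch(PDO::FETCH_ASSOC);

// Compare the stored row with what was submitted, then print it as HTML.
var_dump($row === $form);
foreach ($row as $column => $value) {
    echo $column, ': ', show($value), "\n";
}
```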
