2tonejoe Posted February 20, 2008 Share Posted February 20, 2008 I have user input from a web form that I am inserting into a mysql db. People are typing single quotes and it is not getting committed to the db. see example: $text = "My house is 115' wide"; how can I remove the single quote so that I can insert it into the db? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/ Share on other sites More sharing options...
effigy Posted February 20, 2008 Share Posted February 20, 2008 You shouldn't need to alter the data. Are you using mysql_real_escape_string? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472068 Share on other sites More sharing options...
2tonejoe Posted February 20, 2008 Author Share Posted February 20, 2008 how would i use that? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472074 Share on other sites More sharing options...
effigy Posted February 20, 2008 Share Posted February 20, 2008 Check the manual? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472076 Share on other sites More sharing options...
2tonejoe Posted February 20, 2008 Author Share Posted February 20, 2008 Check the manual? i did, but I am lost on this one. How can I make the single quote safe? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472100 Share on other sites More sharing options...
thebadbad Posted February 20, 2008 Share Posted February 20, 2008 <?php $query = sprintf("INSERT INTO `table` (`row`) VALUES ('%s')", mysql_real_escape_string($text)); ?> Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472119 Share on other sites More sharing options...
2tonejoe Posted February 21, 2008 Author Share Posted February 21, 2008 how could I use it in this scenario: $sql = "REPLACE INTO `cover_booking` ". "(`id`, `book_code`, `book_version`, `book_issue`, `rep_name`, `rep_number`, `ad_text`, `barcode`, `thumb_path`, `booked`, `position`, `year`, `account`, `clock`) ". "VALUES (NULL, '".$code."', '".$version."', '".$issue."', '".$name."', '".$num."', '".$adCopy."', '".$barcodie."', '".$uploaddir."', '1', '".$position."', '".$year."', '".$account."', NOW() )"; if $adCopy is the text variable. . ? Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472796 Share on other sites More sharing options...
duclet Posted February 21, 2008 Share Posted February 21, 2008 Just pass $adCopy to that function and place that function where $adCopy is currently at. Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472802 Share on other sites More sharing options...
2tonejoe Posted February 21, 2008 Author Share Posted February 21, 2008 got it. i re-assigned it to a new variable using mysql_escape_string Link to comment https://forums.phpfreaks.com/topic/92163-text-formatting/#findComment-472864 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.