2tonejoe Posted February 20, 2008 Share Posted February 20, 2008 I have user input from a web form that I am inserting into a mysql db. People are typing single quotes and it is not getting committed to the db. see example: $text = "My house is 115' wide"; how can I remove the single quote so that I can insert it into the db? Quote Link to comment Share on other sites More sharing options...
effigy Posted February 20, 2008 Share Posted February 20, 2008 You shouldn't need to alter the data. Are you using mysql_real_escape_string? Quote Link to comment Share on other sites More sharing options...
2tonejoe Posted February 20, 2008 Author Share Posted February 20, 2008 how would i use that? Quote Link to comment Share on other sites More sharing options...
effigy Posted February 20, 2008 Share Posted February 20, 2008 Check the manual? Quote Link to comment Share on other sites More sharing options...
2tonejoe Posted February 20, 2008 Author Share Posted February 20, 2008 Check the manual? i did, but I am lost on this one. How can I make the single quote safe? Quote Link to comment Share on other sites More sharing options...
thebadbad Posted February 20, 2008 Share Posted February 20, 2008 <?php $query = sprintf("INSERT INTO `table` (`row`) VALUES ('%s')", mysql_real_escape_string($text)); ?> Quote Link to comment Share on other sites More sharing options...
2tonejoe Posted February 21, 2008 Author Share Posted February 21, 2008 how could I use it in this scenario: $sql = "REPLACE INTO `cover_booking` ". "(`id`, `book_code`, `book_version`, `book_issue`, `rep_name`, `rep_number`, `ad_text`, `barcode`, `thumb_path`, `booked`, `position`, `year`, `account`, `clock`) ". "VALUES (NULL, '".$code."', '".$version."', '".$issue."', '".$name."', '".$num."', '".$adCopy."', '".$barcodie."', '".$uploaddir."', '1', '".$position."', '".$year."', '".$account."', NOW() )"; if $adCopy is the text variable. . ? Quote Link to comment Share on other sites More sharing options...
duclet Posted February 21, 2008 Share Posted February 21, 2008 Just pass $adCopy to that function and place that function where $adCopy is currently at. Quote Link to comment Share on other sites More sharing options...
2tonejoe Posted February 21, 2008 Author Share Posted February 21, 2008 got it. i re-assigned it to a new variable using mysql_escape_string Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.