Current location: Hot Scripts Forums » Programming Languages » PHP » apostrophes error while inserting variables containing them in database


apostrophes error while inserting variables containing them in database

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 06-30-06, 08:06 PM
zitwep zitwep is offline
Wannabe Coder
  
Join Date: Aug 2005
Posts: 108
Thanks: 0
Thanked 0 Times in 0 Posts
apostrophes error while inserting variables containing them in database
Hey,

I am having the following problem.

I have variables saved which might include apostrophes, and insert them into my database this way: "INSERT INTO members (name) ('" . $var . "');";

now that would not work when somebody used an apostrophe in the news (in my case it is a news posting script, and $var is the news).

How would i prevent that from happening, i do not know another way to insert into database, i hope there is an easy way. If not could you explain me? I thought about perhaps you have to search the variable for apostrophes and put a \ in front but dont even ask how to do that.

Anyway hoping for your support, and thanks a lot in advance as usual

best regards
max
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiShare on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #2 (permalink)  
Old 06-30-06, 10:34 PM
mab's Avatar
mab mab is offline
Community VIP
  
Join Date: Oct 2005
Location: Denver, Co. USA
Posts: 2,674
Thanks: 0
Thanked 0 Times in 0 Posts
Depending on the magic quotes setting, data that comes from a form/post normally has the single and double quotes escaped (along with nulls and backslashes). It would appear that this setting is off on your server.

To escape these in your data before inserting it into your database, use the PHP addslashes function - http://www.php.net/manual/en/function.addslashes.php
__________________
Error checking, error reporting, and error recovery. If your code does not have these to get it to tell you why it is not working, what makes you think someone in a programming forum will be able to tell you why it is not working???
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiShare on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
  #3 (permalink)  
Old 06-30-06, 11:16 PM
Keith's Avatar
Keith Keith is offline
Community Liaison
  
Join Date: Feb 2004
Posts: 1,232
Thanks: 1
Thanked 11 Times in 11 Posts
It is actually safer and generally better recommended to use mysql_real_escape_string() as opposed to addslashes(), though 99% of the time addslashes() is sufficient.
__________________
The toxic ZCE
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiShare on FacebookShare on Stumble UponShare on Twitter
Reply With Quote
Reply

Bookmarks

« session did not distroy | Cannot Redeclare Error »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
inserting and retrieving date and time from mysql database stealth04 PHP 5 07-29-04 12:19 PM
inserting Filename + extension into the database mcrob PHP 5 07-21-04 04:22 AM
Variables from templates in the database dannyallen PHP 0 06-28-04 04:49 PM
Displaying variables from the database mishmia PHP 2 05-14-04 08:42 PM
php/mysql inserting twice into database with IE 6 sky4est PHP 3 04-22-04 01:46 PM


All times are GMT -5. The time now is 11:06 AM.
vBulletin® Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.