Results 1 to 10 of 10

Thread: inserting "couldn't" [Resolved]

  1. #1

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945

    inserting "couldn't" [Resolved]

    When I try to insert the contents of my textarea and someone has typed something like "couldn't", it yells at me because the quotation wasn't closed. It comes into the SQL query as couldn/'t, so I used stripslashes on it, and now it just won't work.

    How do I let the users put in words like that?
    Last edited by ober0330; Aug 12th, 2004 at 12:47 PM.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

  2. #2
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    You don't want to use stripslashes. You want to use addslahes. This will make the input safe to put into your SQL query by escaping single quotes with a backslash. You can read more about it here:

    http://uk2.php.net/manual/en/functio...quotes-gpc.php

    This simple function checks the argument hasn't already been escaped before using the add slashes function:
    PHP Code:
    function addslashes_smart($string)
    {
        if (!
    get_magic_quotes_gpc()) {
            return 
    addslashes($string);
        } else {
            return 
    $string;
        }

    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  3. #3

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945
    Why would I add more slashes??? When it goes into the URL from the form, it already adds one slash to it, so when I print out the value, it already looks like "couldn\'t". I would have thought that would have been escaped in the SQL string, but it is not.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

  4. #4
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    You use MS SQL right? It might not like the double quotes too. If the slashes are already added then you don't need to do anything. The function I gave above checks the PHP configuration and only escapes the string if it wasn't automatically escaped by PHP.

    Wth regards to your problem, give this a try:
    PHP Code:
    str_replace ("\"""\\\""$string); 
    P.s: don't use stripslashes() that will cause more problem.
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  5. #5

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945
    Yes, I do use MS SQL. I've tried the replace and it doesn't help. And I'm not using stripslashes() anymore.

    I don't understand why this isn't working. I wonder if there is a different escape character for MS SQL.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

  6. #6

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945
    Ok... I found it. Obscure case: To insert a ', you have to use 2 of them.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

  7. #7
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    Well make sure you don't have an error in your query. You could also try the quotemeta() function too.
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  8. #8

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945
    No... it was definately the double quotes thing... I was digging through the MS SQL BOL and found that little tidbit of info.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

  9. #9
    VBA Nutter visualAd's Avatar
    Join Date
    Apr 2002
    Location
    Ickenham, UK
    Posts
    4,906
    Originally posted by ober0330
    No... it was definately the double quotes thing... I was digging through the MS SQL BOL and found that little tidbit of info.
    Did you need to double up on the double quotes for it to work or escape them with a back slash??
    PHP || MySql || Apache || Get Firefox || OpenOffice.org || Click || Slap ILMV || 1337 c0d || GotoMyPc For FREE! Part 1, Part 2

    | PHP Session --> Database Handler * Custom Error Handler * Installing PHP * HTML Form Handler * PHP 5 OOP * Using XML * Ajax * Xslt | VB6 Winsock - HTTP POST / GET * Winsock - HTTP File Upload

    Latest quote: crptcblade - VB6 executables can't be decompiled, only disassembled. And the disassembled code is even less useful than I am.

    Random VisualAd: Blog - Latest Post: When the Internet becomes Electricity!!


    Spread happiness and joy. Rate good posts.

  10. #10

    Thread Starter
    Frenzied Member ober0330's Avatar
    Join Date
    Dec 2001
    Location
    OH, USA
    Posts
    1,945
    Double quotes are fine, AFAIK. The problem was when someone used a single quote within the string. In that case, the escape character IS another single quote. Interesting.
    format your code!! - [vbcode] [/vbcode]

    ANSWERS CAN BE FOUND HERE!!

    my personal company

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width