-
Aug 12th, 2004, 08:35 AM
#1
Thread Starter
Frenzied Member
inserting "couldn't" [Resolved]
When I try to insert the contents of my textarea and someone has typed something like "couldn't", it yells at me because the quotation wasn't closed. It comes into the SQL query as couldn/'t, so I used stripslashes on it, and now it just won't work.
How do I let the users put in words like that?
Last edited by ober0330; Aug 12th, 2004 at 12:47 PM.
-
Aug 12th, 2004, 10:37 AM
#2
You don't want to use stripslashes. You want to use addslashes. This will make the input safe to put into your SQL query by escaping single quotes with a backslash. You can read more about it here:
http://uk2.php.net/manual/en/functio...quotes-gpc.php
This simple function checks the argument hasn't already been escaped before using the add slashes function:
PHP Code:
function addslashes_smart($string)
{
    if (!get_magic_quotes_gpc()) {
        return addslashes($string);
    } else {
        return $string;
    }
}
-
Aug 12th, 2004, 12:15 PM
#3
Thread Starter
Frenzied Member
Why would I add more slashes??? When it goes into the URL from the form, it already adds one slash to it, so when I print out the value, it already looks like "couldn\'t". I would have thought that would have been escaped in the SQL string, but it is not.
-
Aug 12th, 2004, 12:26 PM
#4
You use MS SQL right? It might not like the double quotes too. If the slashes are already added then you don't need to do anything. The function I gave above checks the PHP configuration and only escapes the string if it wasn't automatically escaped by PHP.
With regards to your problem, give this a try:
PHP Code:
$string = str_replace("\"", "\\\"", $string);
P.S.: don't use stripslashes(); that will cause more problems.
-
Aug 12th, 2004, 12:37 PM
#5
Thread Starter
Frenzied Member
Yes, I do use MS SQL. I've tried the replace and it doesn't help. And I'm not using stripslashes() anymore.
I don't understand why this isn't working. I wonder if there is a different escape character for MS SQL.
-
Aug 12th, 2004, 12:47 PM
#6
Thread Starter
Frenzied Member
-
Aug 12th, 2004, 12:48 PM
#7
Well, make sure you don't have an error in your query. You could also try the quotemeta() function too.
-
Aug 12th, 2004, 12:53 PM
#8
Thread Starter
Frenzied Member
No... it was definitely the double quotes thing... I was digging through the MS SQL BOL and found that little tidbit of info.
-
Aug 12th, 2004, 04:04 PM
#9
Originally posted by ober0330
No... it was definitely the double quotes thing... I was digging through the MS SQL BOL and found that little tidbit of info.
Did you need to double up on the double quotes for it to work or escape them with a backslash??
-
Aug 13th, 2004, 07:16 AM
#10
Thread Starter
Frenzied Member
Double quotes are fine, AFAIK. The problem was when someone used a single quote within the string. In that case, the escape character IS another single quote. Interesting.
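Added example, not part of the original thread: the three ways of inserting "couldn't" that come up above, run side by side. It assumes a PHP build with the pdo_sqlite extension and no magic quotes (removed in PHP 5.4); an in-memory SQLite database stands in for MS SQL because both follow the standard SQL quoting rule, and the comments table is hypothetical.

```php
<?php
// Added example. SQLite (in-memory) is a stand-in for MS SQL: in both, a
// single quote inside a string literal is written as '' and a backslash is
// an ordinary character, not an escape.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (body TEXT)');   // hypothetical table

$input = "couldn't";   // constructed sample of what the textarea submits

// 1. Backslash escaping (addslashes): the literal still ends at the quote,
//    so the statement is rejected with a syntax error.
$sql = "INSERT INTO comments (body) VALUES ('" . addslashes($input) . "')";
try {
    $db->exec($sql);
    echo "backslash: accepted -> $sql\n";
} catch (PDOException $e) {
    echo "backslash: rejected -> $sql\n";
}

// 2. Doubling the single quote, the fix found in the thread.
$sql = "INSERT INTO comments (body) VALUES ('" . str_replace("'", "''", $input) . "')";
$db->exec($sql);
echo "doubled:   accepted -> $sql\n";

// 3. Bound parameter: the value is sent separately from the SQL text,
//    so there is nothing to escape and nothing to forget.
$stmt = $db->prepare('INSERT INTO comments (body) VALUES (?)');
$stmt->execute([$input]);
echo "bound:     accepted\n";

// Rows from 2 and 3 hold the text exactly as typed.
foreach ($db->query('SELECT body FROM comments') as $row) {
    echo "stored: {$row['body']}\n";
}
```

Against MS SQL itself the same prepare/execute calls work through a PDO driver for SQL Server; only the connection string changes.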