View Full Version : PHP gurus...help please!


Nymph
11-09-2008, 09:09 AM
I need to escape a character (') in one of my forms...actually it's in 3 different places for the same submit form.

This is for one of my mainstream sites...most of us do them, so don't bash me for asking here.

I can not add Sara's Sugar Cookies, or in the ingredients box, or directions, anything that has a ' in it. It just won't write it to the sql database.

What do I need to look for, and change, or add so I will be able to use that character...this is really starting to drive me more nuts than I already am.

sarettah
11-09-2008, 09:22 AM
I need to escape a character (') in one of my forms...actually it's in 3 different places for the same submit form.

This is for one of my mainstream sites...most of us do them, so don't bash me for asking here.

I can not add Sara's Sugar Cookies, or in the ingredients box, or directions, anything that has a ' in it. It just won't write it to the sql database.

What do I need to look for, and change, or add so I will be able to use that character...this is really starting to drive me more nuts than I already am.

Turn on your icq...........dammit

Toby
11-09-2008, 09:26 AM
You could replace all the (') with (’) using the following on each datafield before it's added to the database.

$item1 = preg_replace("/'/","’",$item1);

But sarettah probably has a more eloquent solution.

sarettah
11-09-2008, 09:32 AM
The way I normally put a quote mark into a sql database is by replacing it with 2 quote marks.

$field2use=str_replace("'","''",$field2use);

I usually do that while building the sql string for the insert or update.

sarettah
11-09-2008, 09:34 AM
You could replace all the (') with (’) using the following on each datafield before it's added to the database.

$item1 = preg_replace("/'/","’",$item1);

But sarettah probably has a more eloquent solution.

lol. no nothing more eloquent. But what all she needs to do depends on how the var is being treated prior to that.

Toby
11-09-2008, 09:46 AM
Grrrr, having trouble getting the board to display that snippet properly. The (’) should be ( & #146; ) without the space.

lol. no nothing more eloquent. But what all she needs to do depends on how the var is being treated prior to that.

Right, the chosen replacement string may still cause problems depending on how the strings are used when displayed.

sarettah
11-09-2008, 10:00 AM
Grrrr, having trouble getting the board to display that snippet properly. The (’) should be ( & #146; ) without the space.



Right, the chosen replacement string may still cause problems depending on how the strings are used when displayed.

Well that and if they are coming directly from the form she needs to protect against sql injection too, if that is not already happening.

I hate dealing with escapes, so I write my code to deal with them as little as possible..lol. It is the one thing about php that I don't like compared to the other languages I deal with.

My standard way of dealing with this shit if I have to is..

1. turn on mysql at the beginning of the script.
2. run all input vars through mysql_real_escape_string
3. run all input vars through addslashes
4. Stick them into the database

so.. like this

// open the connection first; mysql_real_escape_string() needs it
mysql_pconnect($mysql_host,$mysql_user,$mysql_ass);
mysql_select_db($mysql_db);

$input_var=addslashes(mysql_real_escape_string($_POST['input_var']));
// the escaped value still has to sit inside single quotes in the statement
$result=mysql_query("insert into database.tablename(field2insertinto)values('" . $input_var . "')");

But if the only thing I am dealing with is a single quote prob because it is a protected form or because I am doing an update routine that is not form fed then I just used the replace a single quote with 2 single quotes like I said originally :)

Nymph
11-09-2008, 10:03 AM
It might help if you turn yours on too sweetie :rolleyes:

sarettah
11-09-2008, 10:27 AM
It might help if you turn yours on too sweetie :rolleyes:

mine is always on... in stealth mode ;p

sarettah
11-09-2008, 11:19 AM
Well that and if they are coming directly from the form she needs to protect against sql injection too, if that is not already happening.

I hate dealing with escapes, so I write my code to deal with them as little as possible..lol. It is the one thing about php that I don't like compared to the other languages I deal with.

My standard way of dealing with this shit if I have to is..

1. turn on mysql at the beginning of the script.
2. run all input vars through mysql_real_escape_string
3. run all input vars through addslashes
4. Stick them into the database

so.. like this

// open the connection first; mysql_real_escape_string() needs it
mysql_pconnect($mysql_host,$mysql_user,$mysql_ass);
mysql_select_db($mysql_db);

$input_var=addslashes(mysql_real_escape_string($_POST['input_var']));
// the escaped value still has to sit inside single quotes in the statement
$result=mysql_query("insert into database.tablename(field2insertinto)values('" . $input_var . "')");

But if the only thing I am dealing with is a single quote prob because it is a protected form or because I am doing an update routine that is not form fed then I just used the replace a single quote with 2 single quotes like I said originally :)


I have that all fucked up dammit.

Helps to have coffee first.

Should not need the addslashes if I am using the mysql_real_escape as it will do the same fucking thing.

Hate when I screw that shit up.
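
Added example, not part of the thread and not any poster's code: the same three-field insert done with a PDO prepared statement, so the apostrophe needs no replacing or escaping and form input cannot alter the SQL. The `recipes` table, its columns and the sample values are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table and column names are hypothetical, and an in-memory
// SQLite database stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE recipes (
    id INTEGER PRIMARY KEY,
    title TEXT NOT NULL,
    ingredients TEXT NOT NULL,
    directions TEXT NOT NULL
)');

// Constructed sample input standing in for the three $_POST fields.
$post = [
    'title'       => "Sara's Sugar Cookies",
    'ingredients' => "2 cups flour, 1 cup baker's sugar",
    'directions'  => "Don't overbake; cool on a rack.",
];

function save_recipe(PDO $pdo, array $post): int
{
    // The SQL text is fixed; values travel separately as bound parameters,
    // so a quote in the data can never terminate the string literal.
    $stmt = $pdo->prepare(
        'INSERT INTO recipes (title, ingredients, directions)
         VALUES (:title, :ingredients, :directions)'
    );
    $stmt->execute([
        ':title'       => $post['title'],
        ':ingredients' => $post['ingredients'],
        ':directions'  => $post['directions'],
    ]);
    return (int) $pdo->lastInsertId();
}

$id = save_recipe($pdo, $post);

$stmt = $pdo->prepare('SELECT title, ingredients, directions FROM recipes WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// The stored text is exactly what was submitted: no doubled quotes,
// no backslashes, no entity substitution.
var_dump($row === $post);

// Escape for HTML only at display time, not before storage.
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
```

The `mysql_*` functions used in the thread were removed in PHP 7.0; PDO and mysqli are the supported replacements, and both offer bound parameters.
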

Nymph
11-09-2008, 11:27 AM
I know I should switch to a new script, but this is the only way I get to talk with you sweetie ;)

Nymph
11-09-2008, 11:50 AM
My knight in shining armour came through for me again.

I swear if I had a kid for him every time he has helped me with this stupid script, we'd have a basketball team by now!

Thanks again Sare...I'll love you forever & a day :kiss: