By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
437,751 Members | 1,158 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 437,751 IT Pros & Developers. It's quick & easy.

single quotes

P: n/a
I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?

Apr 24 '07 #1
Share this Question
Share on Google+
8 Replies


P: n/a
charlespb69 wrote:
I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?
RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".

--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

http://acm.asoc.fi.upm.es/~mr/
Proudly running Debian Linux with 2.6.20-1-amd64 kernel, KDE3.5.3, and PHP
5.2.0-10 generating this signature.
Uptime: 20:31:19 up 1 day, 6:50, 2 users, load average: 0.97, 0.79, 0.76

Apr 24 '07 #2

P: n/a
Rik
Iván Sánchez Ortega wrote:
charlespb69 wrote:
>I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?

RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".
I thought always, always, always :P

(Not true though, often you can use intval()/floatval(), possibly aided
by foreign key checks.)

--
Rik Wasmus
Apr 24 '07 #3

P: n/a
I use variable casting instead when the input should be a number. I don't use intval() or floatval() unless I need a base change.

Also, if you are using MySQLi instead and prefer OOP-style, then your method would be

$mysqliObj->real_escape_string()
Apr 24 '07 #4

P: n/a
Rik wrote:
Iván Sánchez Ortega wrote:
>charlespb69 wrote:
>>I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?


RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".


I thought always, always, always :P

(Not true though, often you can use intval()/floatval(), possibly aided
by foreign key checks.)
Also, check that magic_quotes (http://php.net/magic_quotes) is
unset.

--
Bruno Barberi Gnecco <brunobg_at_users.sourceforge.net>
Imbalance of power corrupts and monopoly of power corrupts absolutely.
-- Genji
Apr 24 '07 #5

P: n/a
Bruno Barberi Gnecco <br***************@users.sourceforge.netwrote in
news:f0*********@news3.newsguy.com:

>I thought always, always, always :P

(Not true though, often you can use intval()/floatval(), possibly aided
by foreign key checks.)

Also, check that magic_quotes (http://php.net/magic_quotes) is
unset.
and don't do it on arrays themselves
Apr 24 '07 #6

P: n/a
On Apr 24, 11:31 am, Iván Sánchez Ortega <ivansanchez-...@rroba-
escomposlinux.-.punto.-.orgwrote:
charlespb69 wrote:
I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?

RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".

--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

http://acm.asoc.fi.upm.es/~mr/
Proudly running Debian Linux with 2.6.20-1-amd64 kernel, KDE3.5.3, and PHP
5.2.0-10 generating this signature.
Uptime: 20:31:19 up 1 day, 6:50, 2 users, load average: 0.97, 0.79, 0.76
What does RTFM mean - Read the f__cking manual?

Apr 26 '07 #7

P: n/a
charlespb69 wrote:
On Apr 24, 11:31 am, Iván Sánchez Ortega <ivansanchez-...@rroba-
escomposlinux.-.punto.-.orgwrote:
>charlespb69 wrote:
>>I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?
RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".

--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-

http://acm.asoc.fi.upm.es/~mr/
Proudly running Debian Linux with 2.6.20-1-amd64 kernel, KDE3.5.3, and PHP
5.2.0-10 generating this signature.
Uptime: 20:31:19 up 1 day, 6:50, 2 users, load average: 0.97, 0.79, 0.76

What does RTFM mean - Read the f__cking manual?
Yes.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 26 '07 #8

P: n/a
Rik
Jerry Stuckle wrote:
charlespb69 wrote:
>On Apr 24, 11:31 am, Iván Sánchez Ortega <ivansanchez-...@rroba-
escomposlinux.-.punto.-.orgwrote:
>>charlespb69 wrote:
I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?
RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".

What does RTFM mean - Read the f__cking manual?

Yes.
Or, "Read The Fine Manual" for the faint of heart, just to stress the
manual is really giving a clear answer :-)

--
Rik Wasmus

Estimated date being able to walk again: 01-05-2007.
Less then a week, hurray!
Apr 26 '07 #9

This discussion thread is closed

Replies have been disabled for this discussion.