A ' in a MySQL message

SteveJobs · August 10, 2004, 8:28am

Hello,
I am a problem that has turned out to be very serious for me. It’s the following:
I have a very usual PHP script that is supposed to access a MySQL database and delete what people can enter into a form before. This works perfectly, until someone had the idea to put a ’ into the form. Since the MySQL commands look something like this:
DELETE FROM sprachen WHERE (German = ‘$Germandel[$i]’)
the ’ ends the command and stops the whole thing from working.
Any idea what I can do? This really buggs me.

Thanks in advance,
Steve

carella · August 10, 2004, 9:48am

Use addslashes when querying your database, or mysql_escape_string.

OR, you can filter out apostrophes completely when someone posts and convert them to a character entity.

$Germandel = addslashes($Germandel);
$Germandel = mysql_escape_string($Germandel);

or

$Germandel = str_replace("’", “’”, $Germandel);

Hope that helps.

lig · August 10, 2004, 11:18am

also look at mysql_real_escape_string()

lig · August 10, 2004, 11:18am

also look at mysql_real_escape_string()

Ragster00 · August 10, 2004, 6:37pm

Think we got it the first time Lig! :o

SteveJobs · August 10, 2004, 9:07pm

Thanks a lot everyone. I got it figured out by converting all the ’ into ASCII (I think this is ascii…?) commands and now it works perfectly. Thanks to everyone for the help.

Steve

lig · August 10, 2004, 10:48pm

Oops - :oops: - didn’t know I did that.