A ' in a MySQL message


#1

Hello,
I have a problem that has turned out to be very serious for me. It's the following:
I have a very usual PHP script that is supposed to access a MySQL database and delete what people can enter into a form before. This works perfectly, until someone had the idea to put a ' into the form. Since the MySQL commands look something like this:
DELETE FROM sprachen WHERE (German = '$Germandel[$i]')
the ' ends the command and stops the whole thing from working.
Any idea what I can do? This really bugs me.

Thanks in advance,
Steve


#2

Use addslashes when querying your database, or mysql_escape_string.

OR, you can filter out apostrophes completely when someone posts and convert them to a character entity.

$Germandel[$i] = addslashes($Germandel[$i]);
// or (pick one; applying both escapes the value twice)
$Germandel[$i] = mysql_escape_string($Germandel[$i]);

or

$Germandel = str_replace("'", "&#039;", $Germandel);

Hope that helps.
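
Added example, not part of the original posts: the DELETE from the question run once with the value pasted into the SQL text and once as a prepared statement with a bound parameter, which needs no manual escaping. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the script runs offline, and the rows and form values are constructed sample data.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the
// MySQL connection so the script runs offline; for MySQL the DSN and
// credentials passed to PDO change, the statements stay the same.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data for the thread's table and column.
$pdo->exec('CREATE TABLE sprachen (German TEXT)');
$insert = $pdo->prepare('INSERT INTO sprachen (German) VALUES (?)');
foreach (["Hallo", "Wie geht's", "Danke"] as $word) {
    $insert->execute([$word]);
}

// Values as they would arrive from the form (constructed).
$Germandel = ["Wie geht's", "Danke"];

// 1) The pattern from the question: the value is pasted into the SQL text,
//    so its apostrophe closes the string literal early and parsing fails.
try {
    $pdo->exec("DELETE FROM sprachen WHERE (German = '$Germandel[0]')");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the value travels
//    separately as data, so a quote in it cannot change the statement.
$delete = $pdo->prepare('DELETE FROM sprachen WHERE German = ?');
foreach ($Germandel as $word) {
    $delete->execute([$word]);
    echo "deleted ", $delete->rowCount(), " row(s) for: $word\n";
}

// Only the row that was not submitted for deletion is left.
$left = $pdo->query('SELECT German FROM sprachen')->fetchAll(PDO::FETCH_COLUMN);
echo "remaining: ", implode(', ', $left), "\n";
```

Unlike converting the apostrophe to an entity, the bound parameter leaves the stored text and the lookup value unchanged.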


#3

also look at mysql_real_escape_string()


#4

also look at mysql_real_escape_string()


#5

Think we got it the first time Lig! :o


#6

Thanks a lot everyone. I got it figured out by converting all the ’ into ASCII (I think this is ascii…?) commands and now it works perfectly. Thanks to everyone for the help.

Steve


#7

Oops - :oops: - didn’t know I did that.