apostrophes in strings mess up queries

I have a series of string variables that contain user-entered text created via a form and passed using $_POST.

If the user uses an apostrophe ( ’ ) or single-quote in his/her text, the query that writes the string variable containing the apostrophe to the target table causes a SQL query syntax error!

I remember a solution to this but I have slept a number of times since that moment and can’t remember how to change the query to pass an apostrophe/single quote.

Alternatively, I am struggling unsuccessfully at writing a function that would strip out apostrophes before processing the SQL query.

Any ideas???

mysql_real_escape_string(). Please also mind the magic_quotes_gpc setting when filtering POST data.

My apologies for not being a bit clearer on this thread…

Here is an example of the text the user would enter in the form page:

My current job. It’s great.

The above string is placed into a VARCHAR variable called $bestjob

When the variable contents are submitted to the database through an INSERT SQL query, an error occurs because of the apostrophe found inside $bestjob in the word It’s.

What I want to do is either:

Strip the apostrophe from the variable before processing the query.

Force the query to accept the apostrophe.

The second choice would be preferable.

Unworthy I remain

Ack

http://nl2.php.net/mysql_real_escape_string

I know what you meant the first time, and I’m still gonna recommend you to actually click the link and do some research ;)
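
The failure described in this thread, and the "force the query to accept the apostrophe" option, shown as an added example that is not code from any poster: the same string is inserted once by concatenation and once through a bound parameter. It uses PDO prepared statements rather than mysql_real_escape_string() (the mysql_* functions were removed in PHP 7). Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline (needs the pdo_sqlite extension), the table name `answers` is hypothetical, and the sample text is constructed from the post.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database in the thread.
// The table name "answers" is an assumption; $bestjob is the variable from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE answers (id INTEGER PRIMARY KEY, bestjob VARCHAR(255))');

// Constructed sample standing in for $_POST['bestjob'].
$bestjob = "My current job. It's great.";

// Before: the value is pasted into the SQL text, so the apostrophe
// closes the string literal early and the statement no longer parses.
function insertConcatenated(PDO $pdo, string $bestjob): bool
{
    try {
        $pdo->exec("INSERT INTO answers (bestjob) VALUES ('$bestjob')");
        return true;
    } catch (PDOException $e) {
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// After: the SQL text holds only a placeholder. The value is sent as data,
// so quotes in it are never interpreted as SQL syntax.
function insertPrepared(PDO $pdo, string $bestjob): int
{
    $stmt = $pdo->prepare('INSERT INTO answers (bestjob) VALUES (:bestjob)');
    $stmt->execute([':bestjob' => $bestjob]);
    return (int) $pdo->lastInsertId();
}

insertConcatenated($pdo, $bestjob);
$id = insertPrepared($pdo, $bestjob);

// Read the row back and confirm the apostrophe was stored unchanged.
$check = $pdo->prepare('SELECT bestjob FROM answers WHERE id = :id');
$check->execute([':id' => $id]);
var_dump($check->fetchColumn() === $bestjob);
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the prepare/execute calls stay the same.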
