Home > Archive > PHP Programming > April 2007 > single quotes
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| charlespb69 2007-04-24, 6:59 pm |
| I am new to php so this might be a real simple question. I have a
form that users are able to input information into and the information
goes into a mysql database table.. But single quotes (apostrophes)
are giving me problems. What can I do about this?
| |
| Iván Sánchez Ortega 2007-04-24, 6:59 pm |
| charlespb69 wrote:
> I am new to php so this might be a real simple question. I have a
> form that users are able to input information into and the information
> goes into a mysql database table.. But single quotes (apostrophes)
> are giving me problems. What can I do about this?
RTFM, and use mysql_real_escape_string() when appropiate. That
means "always".
--
----------------------------------
Iván Sánchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-
http://acm.asoc.fi.upm.es/~mr/
Proudly running Debian Linux with 2.6.20-1-amd64 kernel, KDE3.5.3, and PHP
5.2.0-10 generating this signature.
Uptime: 20:31:19 up 1 day, 6:50, 2 users, load average: 0.97, 0.79, 0.76
| |
| Michael Placentra II 2007-04-24, 6:59 pm |
| I use variable casting instead when the input should be a number. I don't use intval() or floatval() unless I need a base change.
Also, if you are using MySQLi instead and prefer OOP-style, then your method would be
$mysqliObj->real_escape_string()
| |
| Bruno Barberi Gnecco 2007-04-24, 6:59 pm |
| Rik wrote:
> Iván Sánchez Ortega wrote:
>
>
>
> I thought always, always, always :P
>
> (Not true though, often you can use intval()/floatval(), possibly aided
> by foreign key checks.)
>
Also, check that magic_quotes (http://php.net/magic_quotes) is
unset.
--
Bruno Barberi Gnecco <brunobg_at_users.sourceforge.net>
Imbalance of power corrupts and monopoly of power corrupts absolutely.
-- Genji
| |
| Good Man 2007-04-24, 6:59 pm |
| Bruno Barberi Gnecco <brunobgDELETETHIS@users.sourceforge.net> wrote in
news:f0lq0v01g99@news3.newsguy.com:
>
> Also, check that magic_quotes (http://php.net/magic_quotes) is
> unset.
and don't do it on arrays themselves
| |
| charlespb69 2007-04-25, 9:58 pm |
| On Apr 24, 11:31 am, Iv=E1n S=E1nchez Ortega <ivansanchez-...@rroba-
escomposlinux.-.punto.-.org> wrote:
> charlespb69 wrote:
>
> RTFM, and use mysql_real_escape_string() when appropiate. That
> means "always".
>
> --
> ----------------------------------
> Iv=E1n S=E1nchez Ortega -ivansanchez-algarroba-escomposlinux-punto-org-
>
> http://acm.asoc.fi.upm.es/~mr/
> Proudly running Debian Linux with 2.6.20-1-amd64 kernel, KDE3.5.3, and PHP
> 5.2.0-10 generating this signature.
> Uptime: 20:31:19 up 1 day, 6:50, 2 users, load average: 0.97, 0.79, 0.=
76
What does RTFM mean - Read the f__cking manual?
| |
| Jerry Stuckle 2007-04-26, 3:59 am |
| charlespb69 wrote:
> On Apr 24, 11:31 am, Iván Sánchez Ortega <ivansanchez-...@rroba-
> escomposlinux.-.punto.-.org> wrote:
>
> What does RTFM mean - Read the f__cking manual?
>
Yes.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
| |
|
| Jerry Stuckle wrote:
> charlespb69 wrote:
>
> Yes.
Or, "Read The Fine Manual" for the faint of heart, just to stress the
manual is really giving a clear answer :-)
--
Rik Wasmus
Estimated date being able to walk again: 01-05-2007.
Less then a w , hurray!
|
|
|
|
|