Home > Archive > PHP Language > October 2004 > ereg_replace question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
ereg_replace question
|
|
|
| Hi,
I'm just starting to get into this part of programming, and now I suddenly
need to be able to escape a quotation-mark ( " ) in a string.
The problem is that my users have to type in a text in a form and my
script saves this text into the database. No problem.......unless the
user types in one or more quotation-marks. Then nothing is being saved
into the database....obviousely. How do I switch the typed special-
characters into the valid html-special-chars?
Best regards
Ricki
--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
| |
| Alvaro G Vicario 2004-10-29, 8:55 am |
| *** Ricki wrote/escribió (Fri, 29 Oct 2004 11:03:22 +0200):
> I'm just starting to get into this part of programming, and now I suddenly
> need to be able to escape a quotation-mark ( " ) in a string.
> The problem is that my users have to type in a text in a form and my
> script saves this text into the database. No problem.......unless the
> user types in one or more quotation-marks. Then nothing is being saved
> into the database....obviousely. How do I switch the typed special-
> characters into the valid html-special-chars?
Escaping quotes has nothing to do with HTML. They *always* have to be
escaped (even in plain text) to prevent SQL-injection and unexpected syntax
errors in your queries. How you escape them depends on your database
management system.
SQL Server: SELECT * FROM table WHERE name='Patrick O''Brian'
MySQL: SELECT * FROM table WHERE name='Patrick O'Brian'
Check these functions:
str_replace()
addslashes()
dbx_escape_string()
mysql_escape_string()
pg_escape_string()
--
-- Álvaro G. Vicario - Burgos, Spain
-- Thank you for not e-mailing me your questions
--
|
|
|
|
|