php_begins Posted October 14, 2011 Share Posted October 14, 2011 how do i handle single quotes in sql query " SELECT name from phrase WHERE name='$stitle' "; this returns an error because the name contains single quotes like this: Johnson's. Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 mysql_real_escape_string() Quote Link to comment Share on other sites More sharing options...
php_begins Posted October 14, 2011 Author Share Posted October 14, 2011 do i have to reconvert them to something before displaying? Quote Link to comment Share on other sites More sharing options...
Psycho Posted October 14, 2011 Share Posted October 14, 2011 maybe, but that has nothing to do with using mysql_real_escape_string(). The function mysql_real_escape_string() will simply escape input to make it safe for a DB query. But, the stored value is not the escaped value. So if you have the value "O'Reilly" and want to insert it into the database. mysql_real_escape_string() will convert that to "O\'Reilly". But, the "\" just tells the MySQL engine to treat the apostrophe as a literal value and not a delimiter - so the DB treats it as the string "O'Reilly" and that is what would be stored in the database. Now, when you go to display that in an HTML page you will execute a query and get the value, which will be "O'Reilly". But, depending on how you plan to use the value you may need to do a transformation. For example, if you plan to use the value to populate a text inut field you will need to run it though htlmspecialcharacters() or htmlentities() - otherwise it could corrupt your HTML code This would not be good: <input type='text' name='last_name' value='O'Reilly'> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.