  1. #1
    always learning . . .
    Join Date
    Nov 2003
    Location
    UK
    Posts
    821

    quotes both single and double causing me headache

    User inputs data in ASP form, should allow for most grammar, especially quotes.

    This data in PHP then is inserted into SQL, but work with the quotes needs doing first as SQL keeps breaking.

    In PHP, for single quotes I use

    Code:
    $fKeywords = str_replace("\'","''",$fKeywords);
    $fDescription = str_replace("\'","''",$fDescription);
    But this for double quotes, like the above, doesn't work.

    Code:
    $fDescription = str_replace("\", "", $fDescription);
    Without any code \" gets inserted. Just need to remove the \ from being inserted. How? I get errors using the above.

    Thanks.

  2. #2
    SitePoint Addict launchcode's Avatar
    Join Date
    Dec 2004
    Location
    Bristol, UK
    Posts
    259
    This is explained (in a lot of detail!) here:

    http://www.webmasterstop.com/tutoria...c-quotes.shtml

    Cheers,

    Rich
    Richard Davey

    Launchcode
    PHP Security Guide. Think your scripts are secure? Think again.

  3. #3
    always learning . . .
    Join Date
    Nov 2003
    Location
    UK
    Posts
    821
    MySQL's rules are different to MSSQL's when using quotes. MSSQL, say, for single quotes needs ' changed to ''.

  4. #4
    Dinah-Moe Humm mudshark's Avatar
    Join Date
    Dec 2003
    Posts
    1,072
    PHP Code:
    //maybe this?
    $fDescription = stripslashes($fDescription);

  5. #5
    SitePoint Addict launchcode's Avatar
    Join Date
    Dec 2004
    Location
    Bristol, UK
    Posts
    259
    You didn't say you were using SQL Server but the theory is still the same. You are probably finding that magic_quotes is messing this up for you (I would expect it to actually quote both of the ' characters). Disable magic_quotes and then use your code.

    PHP Code:
    $fDescription = str_replace("\", "", $fDescription);
    This will fail because you are escaping the closing quote. Try this?

    PHP Code:
    $fDescription = str_replace('\"', '', $fDescription);
    If it's a \" you want to get rid of, or stripslashes if you just want the \'s removed. Although MSSQL should have returned the data escaped already.
    Richard Davey

    Launchcode
    PHP Security Guide. Think your scripts are secure? Think again.
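
Added example, not code from any poster in this thread: the order of operations post #5 describes (remove the magic_quotes backslashes, then quote for the database), next to a bound parameter that needs no escaping in PHP. Assumptions: an in-memory SQLite database through PDO stands in for the MSSQL server, the table name `pages` is hypothetical, and the sample text is constructed.

```php
<?php
// Constructed input: what the user typed, and the same text with a backslash
// in front of each quote, as magic_quotes_gpc would hand it to the script.
$typed = 'He said "it\'s 5\' tall"';
$magic = addslashes($typed);

// 1. Undo the backslashes first, so the value is the user's text again.
$clean = stripslashes($magic);

// 2. The thread's approach: double single quotes for a single-quoted SQL
//    literal. Double quotes need no change inside such a literal.
function quoteLiteral(string $s): string
{
    return "'" . str_replace("'", "''", $s) . "'";
}

// Assumption: SQLite in memory replaces the MSSQL server so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (how TEXT, fDescription TEXT)');

// Literal built from the cleaned value.
$db->exec("INSERT INTO pages VALUES ('literal', " . quoteLiteral($clean) . ")");

// Literal built without stripping the backslashes: the statement still
// parses, but the backslashes are stored as data.
$db->exec("INSERT INTO pages VALUES ('magic+literal', " . quoteLiteral($magic) . ")");

// 3. Bound parameter: the driver carries the value separately from the SQL
//    text, so quotes in it can neither break nor alter the statement.
$stmt = $db->prepare('INSERT INTO pages VALUES (?, ?)');
$stmt->execute(['bound', $clean]);

foreach ($db->query('SELECT how, fDescription FROM pages') as $row) {
    $ok = $row['fDescription'] === $typed ? 'matches input' : 'CORRUPTED';
    printf("%-14s %-32s %s\n", $row['how'], $row['fDescription'], $ok);
}
```

magic_quotes was removed in PHP 5.4, so on current PHP only the bound-parameter step is needed.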

  6. #6
    always learning . . .
    Join Date
    Nov 2003
    Location
    UK
    Posts
    821
    Cheers. Managed to get something along these lines sorted. Rich, apologies, I did not, did I.

    Thanks guys. You're great.

