Apostrophes in my database

Some single-word entries in my database contain un-escaped apostrophes. When I display these words back to the screen, a backslash is inserted on the screen, so what should read Tom’s looks like Tom\'s.

How do I echo “$variable”; so that what gets displayed matches what is in the database?

I understand the dangers of SQL injection, but it doesn’t, in this one particular case, apply. Any suggestions would be greatly appreciated.

What extension are you using to connect to the database?

PHP and MySQL.

He probably was asking whether you use PDO or MySQLi to connect to the database.

We need more detail.

Btw, I am new, too.

Gonna be honest, you haven’t given us much to go on.

Unescaped apostrophes in your database are totally OK. But if they’re coming out in your HTML as backslash-escaped, then that tells us that somewhere between reading the value from the DB and echoing it out, you’re calling addslashes or mysql escape or something similar. That’s all we can say for sure.

I’m going to wager a guess that you have some sort of catch-all escape function. It probably strips tags, adds slashes, and calls htmlspecialchars. You probably use it both when inserting into your DB and when echoing HTML. Assuming this guess is correct, then this is your problem. The way we escape for SQL is different than the way we escape for HTML and different than the way we escape for JSON, for shell, and others. There’s no such thing as a one-size-fits-all escape function. If you’re outputting to HTML, then you need to escape for only HTML.
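The per-context escaping described in the answer above, as an added example that is not part of the original thread. The table name `words`, the helper `e()` and the sample values are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline (the PDO calls are the same with a `mysql:` DSN).

```php
<?php
// Added example, not code from the thread. Names and sample data are constructed.
declare(strict_types=1);

// Assumption: SQLite in memory stands in for the poster's MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE words (id INTEGER PRIMARY KEY, word TEXT NOT NULL)');

// Constructed sample input: an apostrophe, markup, and an ampersand.
$samples = ["Tom's", '<b>bold</b>', 'R&D'];

// SQL context: bind the raw value as a parameter. No addslashes() is needed,
// and the database stores exactly what was submitted.
$insert = $pdo->prepare('INSERT INTO words (word) VALUES (:word)');
foreach ($samples as $word) {
    $insert->execute([':word' => $word]);
}

// HTML context: escape at output time, for HTML only.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach ($pdo->query('SELECT word FROM words ORDER BY id') as $row) {
    $stored = $row['word'];

    // What a catch-all escaper does on output: SQL-style backslashes leak
    // into the page, and markup characters are left unescaped.
    $catchAll = addslashes($stored);

    // JSON context has its own encoder; it is not interchangeable with e().
    $json = json_encode(['word' => $stored], JSON_THROW_ON_ERROR);

    printf(
        "stored:    %s\ncatch-all: %s\nfor HTML:  %s\nfor JSON:  %s\n\n",
        $stored,
        $catchAll,
        e($stored),
        $json
    );
}
```

Run it with `php` on the command line: the "stored" line shows the value unchanged in the database, and the other three lines show how each output context encodes the same value differently.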

Excellent!

It’s an odd mix of PDO and mysqli and old mysql commands. You were right. I had addslashes on all the mysql queries. Changed them to stripslashes, and it displays fine.

Thanks!

It’s an odd mix of PDO and mysqli and old mysql commands.

Sounds lovely! I worked on a project once that had all three in it. It was not fun really…


Try to standardize your coding and keep in mind that mysql functions are officially deprecated.

Good luck!

