Problem retrieving MySQL data with single quotes ( ' ) (apostrophe) in PHP

One of the fields (named product) in a MySQL DB table contains the record: Dave\'s

I use a function that returns DB results as an array:


function get_contents($userID) {

	// get the items in the cart and return them as an indexed array
	// (note: $userID is interpolated straight into the SQL string, nothing escapes it here)
	$q1 = "SELECT * FROM example WHERE userID='" . $userID . "' AND deletestatus='0' AND submitstatus='0' ORDER BY `quoteID` DESC ";
	$incart_r = mysql_query($q1) or die(mysql_error());

	$contents = array();

	while ($incart = mysql_fetch_array($incart_r)) {

		// build an array of info for this row
		$item = array(
			$incart['quoteID'],
			$incart['userID'],
			$incart['jobname'],
			$incart['product'],
			// ... (remaining columns elided in the original)
		);
		array_push($contents, $item);
	}
	return $contents;
}

Next: only the quoteIDs are displayed in the table. Each quoteID is hyperlinked with the data related to it. Once you click on a particular quoteID it opens a new page with only the data belonging to that quote.

When I hover over each quoteID, the ones with an apostrophe ( ' ) are getting truncated and therefore not showing up properly.

The MySQL table has these records:

quoteID | userID | jobname | product
--------+--------+---------+--------
      1 |      1 | Super   | book
      2 |      5 | Dave\'s | book

The hyperlink for quoteID 2 is getting truncated after Dave, like this:

<a href=index.php?userID=5&quoteID=2&jobname=Dave\\>2</a>

but it should be:

<a href=index.php?userID=5&quoteID=2&jobname=Dave\\'s&product=book>2</a>

How do I fix this ?

stripslashes

You have three problems that need to be fixed.

First, you must stop double escaping your data when inserting it into the database. You need to escape once, using addslashes() or preferably mysql_real_escape_string(). But PHP may or may not have already escaped the data for you. This is the magic_quotes_gpc setting.
http://www.php.net/magic_quotes
http://www.php.net/manual/en/security.magicquotes.disabling.php

Second, HTML attributes should be quoted unless you understand how HTML parsers work.
http://www.cs.tut.fi/~jkorpela/qattr.html

Third, you need to escape data before placing it into an HTML attribute. Otherwise you still face invalid HTML issues, as well as XSS issues. See htmlspecialchars(); use the ENT_QUOTES flag.
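The three fixes above, carried through as one added example (this is not code from the question or the answer). It assumes PHP with PDO and the sqlite driver available so it runs against an in-memory table with the question's rows; the function names unmagic(), insert_quote() and quote_link() are mine. Two substitutions are labelled: a PDO prepared statement stands in for mysql_real_escape_string() (the mysql extension was removed in PHP 7.0), and each value is URL-encoded before it goes into the query string, a step the answer does not mention but which the href needs, since the URL and the HTML attribute are two different layers with two different escaping rules.

```php
<?php
// Added example, not part of the original question or answer.
// Assumes PDO + sqlite; table columns follow the question (quoteID, userID,
// jobname, product, deletestatus, submitstatus). Prepared statements replace
// the answer's mysql_real_escape_string(); the output escaping is the answer's.

// 1. Undo magic_quotes_gpc exactly once, at the input boundary, so the value
//    is stored as the user typed it. get_magic_quotes_gpc() was removed in
//    PHP 8 (nothing is auto-escaped there), hence the function_exists() guard.
function unmagic(string $value): string {
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        return stripslashes($value);
    }
    return $value;
}

// 2. Store the raw value once and let the driver quote it. No addslashes(),
//    no escape-on-insert: Dave's is stored as Dave's, not Dave\'s.
function insert_quote(PDO $db, int $userID, string $jobname, string $product): int {
    $stmt = $db->prepare(
        'INSERT INTO example (userID, jobname, product, deletestatus, submitstatus)
         VALUES (:userID, :jobname, :product, 0, 0)'
    );
    $stmt->execute([
        ':userID'  => $userID,
        ':jobname' => unmagic($jobname),
        ':product' => unmagic($product),
    ]);
    return (int) $db->lastInsertId();
}

// 3. Build the link. URL layer first: every query-string value is
//    percent-encoded (' -> %27, & -> %26). HTML layer second: the whole
//    attribute value goes through htmlspecialchars(ENT_QUOTES) and the
//    attribute is quoted, so a ' or " can never end it early.
function quote_link(array $row): string {
    $query = http_build_query([
        'userID'  => $row['userID'],
        'quoteID' => $row['quoteID'],
        'jobname' => $row['jobname'],
        'product' => $row['product'],
    ], '', '&', PHP_QUERY_RFC3986);
    $href  = htmlspecialchars('index.php?' . $query, ENT_QUOTES, 'UTF-8');
    // The title attribute carries the raw job name, which is where ENT_QUOTES
    // does visible work: Dave's becomes Dave&#039;s inside the quoted attribute.
    $title = htmlspecialchars($row['jobname'], ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" title="' . $title . '">'
         . htmlspecialchars((string) $row['quoteID'], ENT_QUOTES, 'UTF-8')
         . '</a>';
}

// Demonstration against an in-memory SQLite table (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE example (
    quoteID INTEGER PRIMARY KEY AUTOINCREMENT,
    userID INTEGER, jobname TEXT, product TEXT,
    deletestatus INTEGER, submitstatus INTEGER)');

insert_quote($db, 1, 'Super', 'book');
insert_quote($db, 5, "Dave's", 'book');
// A job name with HTML metacharacters, to show the attribute cannot be broken out of:
insert_quote($db, 7, '"><script>alert(1)</script>', 'book');

$stmt = $db->prepare('SELECT * FROM example WHERE userID = :userID
                      AND deletestatus = 0 AND submitstatus = 0
                      ORDER BY quoteID DESC');
foreach ([1, 5, 7] as $userID) {
    $stmt->execute([':userID' => $userID]);
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        echo quote_link($row), "\n";
    }
}
```

For the Dave's row this prints `<a href="index.php?userID=5&amp;quoteID=2&amp;jobname=Dave%27s&amp;product=book" title="Dave&#039;s">2</a>`: the apostrophe survives the whole way, the `&amp;` separators are what valid HTML requires inside an attribute (the browser decodes them back to `&` before requesting the URL), and index.php will see `Dave's` again in $_GET['jobname']. The third row shows why the attribute has to be both quoted and escaped: the `"` and `<` in the job name come out as `%22` and `%3C` in the href and as `&quot;` and `&lt;` in the title, so there is no point at which they are interpreted as markup.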