I'm trying to figure out the best way to replace apostrophes in various user input which is all formatted first using mysql_real_escape_string. Of course this replacement should take place after all input has been sanitized and anything funny removed. :)

Any help would be awesome!

I also forgot to mention that stipslashes isn't an option as some of the input could have legitimate slashes and my understanding is that stripslashes removes every slash whether it was replaced by mysql_real_escape_string or by the user inputting it?

Member Avatar for diafol

With what do you want to replace the apostrophes? Why not replace before you sanitize?

mysql_real_escape_string(str_replace(...))

should work

I'd do any replacing before sanitizing, as you could end up unsanitizing it with string functions. :)

I guess replace wasn't the best term ;-)

So with the escape function, apostrophes return as \' instead of ' so wanted the slashes to be removed but leaving in tact any slashes that the user entered. So, for example, lets say the user inputs the following:

This store isn't that great/good

I would want that to return (or be inserted as) it's written, with slashes and apostrophes in tact). Does that make it a bit clearer?

Member Avatar for diafol

Why do you want to do this? You might break SQL. mysql_real_escape_string() escapes the string, but when you recover it and pass it back to html, they are invisible.

I really, really can't see the value of what you're trying to do. Do you expect a backslash in the input?

Why do you want to do this? You might break SQL. mysql_real_escape_string() escapes the string, but when you recover it and pass it back to html, they are invisible.

I really, really can't see the value of what you're trying to do. Do you expect a backslash in the input?

The type of input people are putting in the forms are long reviews of products and locations. It's entirely possibly that someone could use a slash in their entry. In fact, there are some names of locations and products that have a slash in them. Right now, I'm going in manually on the DB and correcting this display issue which as the site has grown has become quite a task. I'm trying to figure out if there is a systemic way to deal with this issue.

I understand that stripslashes would work for the apostrophe issue (which, by far, is more prevalent on my site) but I think it could effect readability if all slashes were stripped when they were entered into a review field.

Member Avatar for diafol

You realise we're talking about backslashes and not forward slashes right? I've never seen backslashes in normal sentences.

You realise we're talking about backslashes and not forward slashes right? I've never seen backslashes in normal sentences.

You raise a valid point and while I certainly understand (and agree) with your point, i'm just trying to prevent an issue where someone uses the wrong slash only to have it stripped.

Member Avatar for diafol

AFAIK, mysql_real_escape_string (mres) doesn't put a backslash in the DB, it's only used to make safe input. If a backslash already exists in the string, it is kept under mres. So, like I said, I don't understand the concern.

Just ensure magic quotes are turned off.

AFAIK, mysql_real_escape_string (mres) doesn't put a backslash in the DB, it's only used to make safe input. If a backslash already exists in the string, it is kept under mres. So, like I said, I don't understand the concern.

Just ensure magic quotes are turned off.

That was my misunderstanding then, I thought MRES escaped all special types of characters which I assumed, incorrectly it appears, would include backslashes. Thanks for the help :cool:

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.