Member Avatar for Hani1991

Hello everybody I want to avoid the errors that occur when I post a text that contain the ' sign and put it in a mysql query
someone told me that theres a function in php to do that
but I want to use it manually because he told me that this function doesnt allow much encoding types such as persian and arabic
I tried the following code:

require("database_connection.php"); //to handle the connection to the database
$GivenVar = str_replace("'","\\'",$GivenVar); //to replace the normal ' with \\' so that mySQL recognizes it as \' and works
mysql_query("insert into mytable(text) values('$GivenVar')",$my_connection);
echo 'Success!';

but there was no result and the message that says 'Success!' didnt appear!
HELP PLEASE

  • 3 Contributors
  • 5 Replies
  • 108 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by Pro2000
Member Avatar for almostbob

'someone' is wrong, sanitizing filters are smarter than that,

this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set[/b] then the entire string is rejected resulting in a 0-length string.

My bold, aware of character set, if you set correct encoding everything works http://php.net/manual/en/filter.filters.sanitize.php full description all the filters available (in english, the farsi links dont work)

Edited by diafol because: fixed formatting
Member Avatar for Hani1991

Thanx but ist wrong to use my code???
And whats wrong with my code why isnt it printing the required text???

Member Avatar for Pro2000

I think you should change the second line from your code so it becomes:

$GivenVar = str_replace("'",'\'',$GivenVar);

Hope it helps.

Member Avatar for Hani1991

Yes it works perfectly
Thanx
but what about the use of it instead of the function Ive talked about???

Member Avatar for Pro2000

Since you're trying to insert this text into a database, you can use the addslashes function like the following:

$GivenVar = addslashes($GivenVar)

This function puts slashes before the special characters like the single quotation mark so you avoid the manual use of the function you've written.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.