Avoiding the mistakes of ' sign

Question

Hani1991 12 Junior Poster

13 Years Ago

Hello everybody I want to avoid the errors that occur when I post a text that contain the ' sign and put it in a mysql query
someone told me that theres a function in php to do that
but I want to use it manually because he told me that this function doesnt allow much encoding types such as persian and arabic
I tried the following code:

require("database_connection.php"); //to handle the connection to the database
$GivenVar = str_replace("'","\\'",$GivenVar); //to replace the normal ' with \\' so that mySQL recognizes it as \' and works
mysql_query("insert into mytable(text) values('$GivenVar')",$my_connection);
echo 'Success!';

but there was no result and the message that says 'Success!' didnt appear!
HELP PLEASE

php

3 Contributors
5 Replies
108 Views
7 Hours Discussion Span
Latest Post 13 Years Ago Latest Post by Pro2000

almostbob 866 Retired: passive income ROCKS

13 Years Ago

'someone' is wrong, sanitizing filters are smarter than that,

this filter is aware of the default_charset and if a sequence of bytes is detected that makes up an invalid character in the current character set[/b] then the entire string is rejected resulting in a 0-length string.

My bold, aware of character set, if you set correct encoding everything works http://php.net/manual/en/filter.filters.sanitize.php full description all the filters available (in english, the farsi links dont work)

Edited 11 Years Ago by diafol because: fixed formatting

Pro2000 29 Posting Whiz

13 Years Ago

I think you should change the second line from your code so it becomes:

$GivenVar = str_replace("'",'\'',$GivenVar);

Hope it helps.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Hani1991 12 Junior Poster · Answer 1 · 2011-07-22T03:34:17+00:00

Thanx but ist wrong to use my code???
And whats wrong with my code why isnt it printing the required text???

Hani1991 12 Junior Poster · Answer 2 · 2011-07-22T03:58:20+00:00

Yes it works perfectly
Thanx
but what about the use of it instead of the function Ive talked about???

Pro2000 29 Posting Whiz · Answer 3 · 2011-07-22T04:02:35+00:00

Since you're trying to insert this text into a database, you can use the addslashes function like the following:

$GivenVar = addslashes($GivenVar)

This function puts slashes before the special characters like the single quotation mark so you avoid the manual use of the function you've written.