Wrox Programmer Forums
Go Back   Wrox Programmer Forums > PHP/MySQL > MySQL
|
MySQL General discussion about the MySQL database.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the MySQL section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old November 30th, 2008, 03:11 AM
Authorized User
 
Join Date: Nov 2006
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default how to insert text containing qutation mark...?


Dear php devs
I face a problem when the user type a text to be inserted into mysql using direct insert statement, the problem occured whenever that text containing a single quotation mark, that makes the syntax incorrect.
how to avoid that?


 
Old November 30th, 2008, 03:36 AM
Friend of Wrox
 
Join Date: Jun 2008
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

You have to double up the apostrophes.

Example:

INSERT INTO people (lastname) VALUES( 'O''Brien' );

And that will actually insert O'Brien

Okay?
 
Old November 30th, 2008, 03:54 AM
Authorized User
 
Join Date: Nov 2006
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

how to insert it as it is
I mean user sometimes type I'm, I want to display it as it is not I''m
thanks alot


 
Old November 30th, 2008, 11:38 AM
Authorized User
 
Join Date: Nov 2006
Posts: 13
Thanks: 0
Thanked 0 Times in 0 Posts
Default

got it
$q=sprintf("insert into news (title,brief,details,date,img) values ('%s','%s','%s','%s','%s')",mysql_real_escape_stri ng($_POST["title"]),mysql_real_escape_string($_POST["brief"]),mysql_real_escape_string($_POST["details"]),mysql_real_escape_string(date("d/m/y")),mysql_real_escape_string($img));
mysql_query($q);

thanks

 
Old December 1st, 2008, 02:47 AM
Friend of Wrox
 
Join Date: Jun 2008
Posts: 1,649
Thanks: 3
Thanked 141 Times in 140 Posts
Default

Yes, except you don't need to escape the date. That function you are using can't possibly produce an apostrophe.

Hmmmm...but that's the wrong format for a date with MySQL. MySQL *ONLY* accepts yyyy-mm-dd format.

Did you perhaps goof and make your date field a text type instead of a DATETIME type???

Incidentally, date is a keyword in MySQL, so you really should enclose it in `...`
to be sure MySQL takes it as a field name. (In an INSERT like this, it's probably okay
as is, but it's a bad habit to get into, omitting the `...` around field names that are keywords.)
 
Old December 23rd, 2008, 09:19 PM
Authorized User
 
Join Date: Dec 2008
Posts: 50
Thanks: 1
Thanked 5 Times in 5 Posts
Default

the best way to say and data into your database is use the following

PHP Code:
$sometext $_POST['sometext'];

include(
'connect.php'); //connect to database

$sometext mysql_real_escape_string($sometext); // prevent from SQL injections

$sometext html_entities($sometext); // prevent from XSS 
when you want to display it to the end user use following
PHP Code:
echo stripslashes($sometext); 

hope the above help;

you can also do some encoding like to covert to utf-8 before saving to database but depends on your requirement.

Thanks
 
Old January 8th, 2009, 02:49 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
Default

Another way to do that is wrap the text in DOUBLE QUOTEs.

"I'm"

Hope that helps.
__________________
- Vijay G

Last edited by happygv; January 8th, 2009 at 02:51 AM.. Reason: Corrected the typo
 
Old January 19th, 2009, 06:46 PM
Authorized User
 
Join Date: Feb 2008
Posts: 89
Thanks: 13
Thanked 0 Times in 0 Posts
Default

You seem that you are tutor in ahgaff university in mukalla, Really...!?
 
Old March 5th, 2009, 06:06 AM
Authorized User
 
Join Date: Feb 2009
Posts: 16
Thanks: 0
Thanked 1 Time in 1 Post
Default

There are two functions in PHP called
addslashes() and
stripslashes()

Addslashes() will add '\' (An escaping character) where ever it needs when it stores into DB

stripslashes() will reverse the operation and it needs when we want to display the content to user.





Similar Threads
Thread Thread Starter Forum Replies Last Post
Insert statement with Quatation mark maz_alaameri ASP.NET 2.0 Professional 3 April 19th, 2007 01:42 PM
insert text into a text box by selecting an link gavmc Other Programming Languages 0 February 15th, 2006 09:46 AM
Insert two fields or more into one Text Object Itai Crystal Reports 2 May 25th, 2005 05:05 AM
How to insert text into panel with out textarea JOptionPane Java GUI 5 May 6th, 2005 03:35 PM
INSERT With a Text field (C#) kwalda SQL Server 2000 1 January 10th, 2004 11:18 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.