Can't update MySQL when field has a ' (single quote)

Forum Moderators: open

Message Too Old, No Replies

Can't update MySQL when field has a ' (single quote)

moved to new server; 5.0

walkman

4:35 am on Aug 16, 2007 (gmt 0)

Hi,
most of my entries have at least a field with '' and I cannot update them until I fix this problem.
The error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'text

Does someone know what setting do I need to change so single quotes are accepted? They worked fine with 4.1 and I hope I don't have to comb through 1000's of lines of code to change them :). They are displayed just fine as they are 'text'; I just can't update them. I know (Ok, I think I know) it has to do with with character sets and stuff, but no idea as to where to start.

any ideas?

thanks guys,

Habtom

7:07 am on Aug 16, 2007 (gmt 0)

You just need to escape them: mysql_real_escape_string [php.net]

vincevincevince

7:38 am on Aug 16, 2007 (gmt 0)

I suspect you previously had magic_quotes enabled in PHP and it is that which has broken your scripts. Habtom is right - mysql_real_escape_string() is the right solution. Try to resist the urge to turn magic_quotes back on as it is a dangerous crutch to use...

walkman

2:54 pm on Aug 16, 2007 (gmt 0)

apparently I am screwed:
; Magic quotes for incoming GET/POST/Cookie data.
magic_quotes_gpc = On

it was on on my old php.ini. The thing is that it worked fine for years and now, I have no choice but to turn it on here too, at least for the domains using this program. The fix is gonna be painful. I already have to turn register_globals on for a few directories otherwise?= don't work. Oh well. Would you say that this is a sign of a lazy programmer?

throught the code I see:
$text=mysql_escape_string(nl2br(stripslashes($text)));

mysql_real_escape_string apparently is newer but shouldn't the first one work too?

Thanks guys,