using apostrophes in forms

how to avoid the slash

         

mylungsarempty

3:55 am on Jul 29, 2004 (gmt 0)




How can I keep PHP from adding a slash before an apostrophe, for example when someone types in a text area and submits it... the data is sent to a MySQL database...

ergophobe

4:05 am on Jul 29, 2004 (gmt 0)




Strip the slashes when ready to output. That's the better option:

$string = stripslashes($string);

Usually you want PHP to add the slashes, otherwise you'll have a problem with your query. Imagine if someone enters: "I don't care" in your form field "field1".

Then you

$query = "UPDATE table1 SET field1='{$_POST['field1']}'";

PHP will evaluate this as

$query = "UPDATE table1 SET field1='I don't care'";

That will give you a parse error because of the quotes. So you need

$query = "UPDATE table1 SET field1='I don\'t care'";

The trick is that you may need to strip the slashes at the other end, so before you output your string, you need to do this:

$cares = stripslashes($cares);

Tom

dreamcatcher

10:41 am on Jul 29, 2004 (gmt 0)




As added security, you might also want to remove the apostrophe altogether and replace it with a character entity.

$string = str_replace("'", "&#039;", $string);

ergophobe

2:00 pm on Jul 29, 2004 (gmt 0)




Or for that matter

$string = mysql_escape_string($string);

which is a special-built function for making sure that user input is safe for queries.

Tom
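
An added example, not posted by anyone in this thread: the same kind of write done with a bound parameter, so the apostrophe needs neither added slashes nor stripslashes(), and is turned into an entity only when written into HTML. It assumes PHP with the PDO SQLite driver; table1 and field1 come from the thread, while the in-memory database and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. table1/field1 reuse the
// thread's names; the in-memory SQLite database and the sample inputs
// are constructed so the script runs offline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE table1 (id INTEGER PRIMARY KEY, field1 TEXT)');

// Constructed stand-ins for $_POST['field1'].
$inputs = [
    "I don't care",
    'She said "it\'s fine"',
    "C:\\temp\\bob's notes",   // backslashes must survive unchanged too
];

$insert = $pdo->prepare('INSERT INTO table1 (field1) VALUES (:field1)');
$select = $pdo->prepare('SELECT field1 FROM table1 WHERE id = :id');

foreach ($inputs as $raw) {
    // The value travels separately from the SQL text, so an apostrophe
    // cannot end the string literal and no slashes are added to it.
    $insert->execute([':field1' => $raw]);
    $id = (int) $pdo->lastInsertId();

    $select->execute([':id' => $id]);
    $stored = $select->fetchColumn();

    // Stored byte for byte: nothing to stripslashes() on the way out.
    if ($stored !== $raw) {
        throw new RuntimeException("Round trip changed the value for row $id");
    }

    // Encode only when writing into HTML; ENT_QUOTES turns ' into &#039;.
    $html = htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    printf("row %d stored: %s\n      html:   %s\n", $id, $stored, $html);
}
```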