writing ' or " from a form to a database

         

Modern Merlin

5:37 pm on Nov 16, 2007 (gmt 0)

10+ Year Member



Ok, I have looked for this high and low and it may be that I haven't slept or I'm not putting in the correct terminology in my searches, but I can't seem to find the right code to do what I need to do within my form.

I have a form that has a text field in it where companies will be inputting their names (other fields may have this also). Some of them may look like this:

Some Guy's Company

The problem arises with the ' or even an "

It gives an error obviously when it tries to write it to the database. I know there is a way to "strip slashes" or something like that, that will allow me to actually put something like:

Some Guy\'s Company

into the database. I just can't seem to find it. If someone can point me in the right direction that would be great!

Modern Merlin

jatar_k

5:42 pm on Nov 16, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



if you're using mysql then you should use

[php.net...]

on insert and then, as you said

[php.net...]

Caliber Mengsk

6:47 pm on Nov 16, 2007 (gmt 0)

10+ Year Member



You should also be able to use str_replace to automatically insert and remove the tags for you.

$bob = "Can't you see!";
$bob = str_replace('"', '\"', $bob);
$bob = str_replace("'", "\'", $bob);
$bob = str_replace("$", "\$", $bob);
$bob = str_replace("@", "\@", $bob);

You could probably automate the process by making an array of symbols you want converted.

$bob = "Can't you see!";
$checksym = Array('"', "'", "$", "@", "!", "#");//Just add the symbols to the array.
foreach($checksym as $tmp)
{
$bob = str_replace($tmp, "\" . $tmp, $bob);
}

And to reverse the process, just switch the first two options in the str_replace.
$bob = str_replace("\" . $tmp, $tmp, $bob);

The array is probably easiest to do for many different replacements. If you wanted, you could probably do it to place smilies inside of a message or something using a second array.

[EDIT]
O-o I forgot that in order to use a \ in a string, you have to put \\, so the above code would need two backslashes. Example:

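<?php

$bob = "Can't you \" see!";
// Characters that get a backslash put in front of them.
$checksym = array("'", '"', "!");
foreach ($checksym as $tmp)
{
    // "\\" inside a double-quoted string is one literal backslash.
    $tmpback = "\\" . $tmp;
    $bob = str_replace($tmp, $tmpback, $bob);
}
echo $bob;
?>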

That will display out the code as it would be input into the database.

[edited by: Caliber_Mengsk at 6:55 pm (utc) on Nov. 16, 2007]

Modern Merlin

9:32 pm on Nov 16, 2007 (gmt 0)

10+ Year Member



So then the code would be like this?

Connection code and select DB Code (which I know works)

mysql_real_escape_string (('$order_id','$on_camera','$graphics_animation','$photo_shoot','$stock_video','$producer','$script_writer'), $link);

$insert_orders = mysql_query ("INSERT INTO orders VALUES ('$order_id','$on_camera','$graphics_animation','$photo_shoot','$stock_video','$producer','$script_writer')", $link) or die("There was an error: orders");

Or do I have to do them one at a time?

Modern Merlin

jatar_k

10:39 pm on Nov 16, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



one at a time

Modern Merlin

8:36 pm on Nov 17, 2007 (gmt 0)

10+ Year Member



Awwwwe man! LOL

Ok so is this correct?

Connection code and select DB Code (which I know works)

// mysql_real_escape_string() returns the escaped copy, so assign it back to each variable.
$order_id = mysql_real_escape_string($order_id, $link);
$on_camera = mysql_real_escape_string($on_camera, $link);
$graphics_animation = mysql_real_escape_string($graphics_animation, $link);
$photo_shoot = mysql_real_escape_string($photo_shoot, $link);
$stock_video = mysql_real_escape_string($stock_video, $link);
$producer = mysql_real_escape_string($producer, $link);
$script_writer = mysql_real_escape_string($script_writer, $link);

$insert_orders = mysql_query ("INSERT INTO orders VALUES ('$order_id','$on_camera','$graphics_animation','$photo_shoot','$stock_video','$producer','$script_writer')", $link) or die("There was an error: orders");

Modern Merlin

4:06 am on Nov 19, 2007 (gmt 0)

10+ Year Member



Thank you everyone who helped me with this! It's working now! :)

jatar_k

5:34 pm on Nov 19, 2007 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



good work :)

it is a bit annoying to do them all individually but it is much better; when you start doing cleaning on many variables, things have a tendency to be overlooked. By doing each one, you know they're done and it can help identify problems more easily.
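
Added example, not part of the original thread or any poster's code: the thread's INSERT written with a PDO prepared statement, so quotes in form input are bound as data and need neither escaping on the way in nor stripslashes() on the way out. Assumptions: an in-memory SQLite database stands in for MySQL so it runs offline, the column types and sample form values are constructed, and insert_order() is a hypothetical helper name.

```php
<?php
// Assumption: in-memory SQLite so the example runs offline; for MySQL only the DSN differs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names are from the thread's INSERT; the column types are assumed.
$pdo->exec('CREATE TABLE orders (order_id INTEGER, on_camera TEXT,
    graphics_animation TEXT, photo_shoot TEXT, stock_video TEXT,
    producer TEXT, script_writer TEXT)');

// Hypothetical helper: inserts one order using bound parameters only.
function insert_order(PDO $pdo, array $form): void
{
    // Fixed column list: form keys never become part of the SQL text.
    $cols = ['order_id', 'on_camera', 'graphics_animation', 'photo_shoot',
             'stock_video', 'producer', 'script_writer'];
    $sql = 'INSERT INTO orders (' . implode(', ', $cols) . ') VALUES (:'
         . implode(', :', $cols) . ')';
    $stmt = $pdo->prepare($sql);
    foreach ($cols as $col) {
        $stmt->bindValue(':' . $col, $form[$col] ?? null); // missing field -> NULL
    }
    $stmt->execute();
}

// Constructed sample input standing in for $_POST.
$form = [
    'order_id'           => 1,
    'on_camera'          => "Some Guy's Company",
    'graphics_animation' => 'He said "hello"',
    'photo_shoot'        => "Both ' and \" together",
    'stock_video'        => "Smith \\ Jones",
    'producer'           => 'plain text',
    'script_writer'      => "O'Brien",
];
insert_order($pdo, $form);

// Read the row back: every value matches what was submitted, with no added backslashes.
$stmt = $pdo->prepare('SELECT * FROM orders WHERE order_id = :id');
$stmt->execute([':id' => 1]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
foreach ($form as $col => $sent) {
    $same = ((string) $row[$col] === (string) $sent) ? 'ok' : 'MISMATCH';
    echo str_pad($col, 20), $same, '  ', $row[$col], PHP_EOL;
}
```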