Remove Slashes from SQL statement?

Forum Moderators: coopster

Message Too Old, No Replies

Remove Slashes from SQL statement?

Prior to inserting into database

alcheme

4:40 am on May 31, 2005 (gmt 0)

I use a form to insert comments into a database.

How do I get rid of the slashes around quotes(/""/) before it gets inserted into my database?

SQL statement:

$sql = "INSERT INTO data (comments) VALUES ('$comments')";

How do I prevent the slashes with quotes from being inserted into the database when the comments are submitted?

i.e. this is an example /"quote"/. Should read: this is an example "quote".

~Shane

p.s. Normally its never a problem but occassionally I get some strange comment submitted that is full of slashes around quotes. Maybe someone copied the information and pasted it into the form... i don't know.

grandpa

5:08 am on May 31, 2005 (gmt 0)

To remove slashes you may find the stripslashes() [us3.php.net] function useful.

ironik

5:10 am on May 31, 2005 (gmt 0)

At a guess you might have magic quotes enabled, but the slashes are forward instead of back..? maybe someone can explain that one...

At a guess, I'd say have a go using mysql_escape_string() and see if that better prepares the string for use in your SQL statment.

alcheme

5:20 am on May 31, 2005 (gmt 0)

Hi Grandpa,

I have tried different versions of stripslashes() like this one below but it did not work if I did a test:

stripslashes ($comments);

$sql = "INSERT INTO data (comments) VALUES ('$comments')";

alcheme

5:24 am on May 31, 2005 (gmt 0)

Hi Ironik,

Oops I meant back slashes '\' not forward slashes '/.

~Shane