[php/SQL] insert into db a value with space and apostroph

Discussion in 'PHP' started by mordimi, Jun 29, 2008.

0
  1. #1
    hi again, im goin crazy with a simple things.
    i have a form in a file, with the value in a echo ""; 
    <option value=valle  d'aosta>Val D'Aosta</option>
    PHP:
    as you can see it has a space, then a letter and an apostroph, i tried with ' ' to escape the apostroph, but the query insert \''' so the excape is \? but if i write \' , the query print \\' (lol), btw the big problem is that the query doesnt insert the space, example valle d'aosta, inserts only 'valle'. i tried also $regione=mysql_escape_string($_REQUEST['regione']);

    where 'regione' is the name of the form, a <select>.

    any suggestion? thx in advance
     
    mordimi, Jun 29, 2008 IP
  2. IGiveMoney

    IGiveMoney Peon

    Messages:
    116
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #2
    you either need to add the \ to escape the ' or you can use the magic_quote function to assist you.

    Google: magic_quotes

    to help you out.

    Let me know if you need some more help!
     
    IGiveMoney, Jun 29, 2008 IP
  3. mordimi

    mordimi Active Member

    Messages:
    177
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #3
    thx for the answer,i tried putting \' but it prints \\' so t wont work in my case, and i know the magic quote, but i cant access the php.ini cause the server isnt mine, but im hosted :)


    i can avoid that with stripslashes, so the apostrph problem is resolved, but how can i add a space?

    and if the problem is in the type in the databasE? im using varchar...it could be trim the space?
     
    mordimi, Jun 29, 2008 IP
  4. mordimi

    mordimi Active Member

    Messages:
    177
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #4
    i resolved with 
    <option value=\"valle  d'aosta\">Val D'Aosta</option>
    PHP:
    the output was "valle d\'aosta", but i used stripslashes($valle) and thats ok now :)
     
    mordimi, Jun 29, 2008 IP
  5. David Pankhurst

    David Pankhurst Member

    Messages:
    39
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    43
    #5
    To work with data here's the trick:

    when putting data out to the web, get rid of ' and " by converting them to html characters:

    $textOut=html_entities($textIn,ENT_QUOTES,'UTF-8');
    Code (markup):
    for reading in, you'll need to check magic quotes using the get_magic_quotes_gpc() function, and only remove then:

    // $textin is your data from the form
if (get_magic_quotes_gpc()) $textin=stripslashes($textin);
    Code (markup):
    and finally, for db, you use the mysql_escape_string() before writing it to the db:

    $textForDb=mysql_escape_string($text);
    Code (markup):
    the will make the data safe for db (including single quotes).
     
    David Pankhurst, Jun 29, 2008 IP
  6. mordimi

    mordimi Active Member

    Messages:
    177
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    53
    #6
    as i said, i resolved with:

    in the form value: <option value=\"valle d'aosta\">Val D'Aosta</option>


    and then i stripslashes the value to remove the "\"

    :)
     
    mordimi, Jun 30, 2008 IP