problems with the apostrophe

[Anonymous]

Hi Coders,

htmlentities() and addslashes() / stripslashes() are working fine with all signs except the apostophe. I use a form to save text in a mysql-database. On a validation-page shown after submit the backslashes are correctly set:

here's an example
it would look like: here\'s an example
but in the database: here\

But in the database I can only see a backslash. Where is the apostrophe and the text right of it gone?

Help...

Thanks

Alex

 

[Anonymous]

Hi,
before you insert a value $value1
do $value1 = addslashes($value1);
and then

insert into tablename (field1) valaues ($value1);

and then when you retrieve and display the content

$row = mysql_fetch_array($result);
echo (stripslashes($row['field1']));

This should solve the problem.. :!:

 

[Anonymous]

I already use Your code. Let's assume:

<?php

global $text1;

if (empty($submit)){
?>
<form action="<?php echo $PHP_SELF ?>" method="post">
<input type="text" name="text1">
<input type="submit" name="submit">
<form>

<?php
}
else {
$text1 = stripslashes($text1);
echo $text1;
}
?>

Usually I don't have to take care about any characters, as I think the webserver's configuration does it. So a \ will automatically become \\ without htmlentities() or addslashes(). But to echo the original strings I have to use stripslashes(). Only in the case of saving these strings in a mysql-db I have the problem with the apostrophe, any other characters are fine. This apostrophe is kind of a separator I think. How can I put it as a string in the db?

Alex

 

[Anonymous]

$sql = insert into tablename(field) values("string with ' apostro")';
mysql_query($sql);

 

[Anonymous]

That's what I do. But the string, which contains the ' , let's say: "Here's my example" will be in the db like "Here\". Everything from the ' on is cut. When I stripslashes($string), I get "Here", that's all.

Alex

 

[Anonymous]

Then you need to re-insert all of the problem rows. If you're not getting the whole string back with your SELECT query, then it means the whole string isn't in the database.

You really ought to be doing your MySQL testing in a MySQL client like MySQLCC or just mysql.exe -- testing MySQL queries in PHP is just asking for trouble, because of issues precisely like this. Write your queries in a MySQL client, and then once you know they work, put them into PHP and deal with slashes and whatnot then.