I don't see why addslashes wouldn't work, but why not roll your own?
$dbStr = preg_replace("/'/", "/\\'/");
I believe that, in MySQL, you can also double-up single quotes to escape
them:
$dbStr = preg_replace("/'/", "/''/");
HTH
Matt
On Wed, 27 Feb 2002, Tim Thorburn wrote:
> Hi,
>
> I've sent a few emails thus far regarding adding apostrophe's through a PHP
> script form into a MySQL database. The responses I received indicated to
> me that I needed to get my hosting company to activate magic_quotes_gpc.
>
> After several days of talking with what seems to be the sole tech support
> person left at my hosting company - I was told that the magic_quotes_gpc
> variable is not supported by them.
>
> Sooo ... this leaves me in a rather awkward situation. I need to have a
> basic content management system up and running in the extremely near future
> that will be utilized by a great number of individuals. If when an
> apostrophe is entered - all the information entered through the form is
> rejected by the database - the entire endeavour suddenly becomes rather
> useless.
>
> I know that if I enter a \ before any apostrophe's in the form, it all
> works well ... but I highly doubt that the large number of volunteer's
> we're going to be working with here will take the time to add them, or even
> remember 5 minutes after I tell them.
>
> Does anyone have any possible solutions for this problem? I'll include the
> portion of code that seems to be causing the problems now ...
>
> I'm already using the addslashes() command and it is not working ... I'm
> desperate at this point ...
>
> Again, the following works flawlessly on my local test machine running
> Apache 1.3.23 and PHP 4.1.1 with MySQL 3.23.39 but not at all on my web
> host running Apache 1.3.12 and PHP 3.0.16 with MySQL 3.22.32
>
> Thanks in advance,
> -Tim
>
>
> <?php
> $db = mysql_connect("localhost", "xxxx", "xxxx");
> mysql_select_db("edoinfo",$db);
>
> if ($submit) {
> // here if no ID then adding else we're editing
> if ($id) {
> $sql = "UPDATE ai_data SET
>
>section='$section',subsection='$subsection',heading='$heading',title='$title',info='$info',entry=NOW()
> WHERE id=$id";
> } else {
> $sql = "INSERT INTO ai_data
> (section,subsection,heading,title,info,entry) VALUES
> ('$section','$subsection','$heading','$title','$info',NOW())";
> }
> // run SQL against the DB
> $result = mysql_query($sql);
> echo "Record updated/edited!<p>";
> echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";
>
> } elseif ($delete) {
> // delete a record
> $sql = "DELETE FROM ai_data WHERE id=$id";
>
> $result = mysql_query($sql);
>
> echo "$sql Record deleted!<p>";
> echo "<a href='add_info.php' class='comcal'>ADD A RECORD</a>";
>
> } else {
> // this part happens if we don't press submit
> if (!$id) {
> // print the list if there is not editing
> $result = mysql_query("SELECT * FROM ai_data",$db);
> while ($myrow = mysql_fetch_array($result)) {
> printf("<a href=\"%s?id=%s\" class='comcal'>%s</a> \n", $PHP_SELF,
> $myrow["id"], $myrow["title"]);
>
> printf("<a href=\"%s?id=%s&delete=yes\" class='comcal'>(DELETE)</a><br>",
> $PHP_SELF, $myrow["id"]);
> }
> }
>
> ?>
> <p> <a href="<?php echo $PHP_SELF?>" class="comcal">ADD A RECORD</a>
> <p> <form method="post" action="<?php echo $PHP_SELF?>">
> <?php
> if ($id) {
> // editing so select a record
> $sql = "SELECT * FROM ai_data WHERE id=$id";
> $result = mysql_query($sql);
> $myrow = mysql_fetch_array($result);
>
> $id = $myrow["id"];
> $section = $myrow["section"];
> $subsection = $myrow["subsection"];
> $heading = $myrow["heading"];
> $title = addslashes($myrow["title"]);
> $info = addslashes($myrow["info"]);
> $entry = $myrow["entry"];
>
> // print the id for editing
> ?>
> <input type=hidden name="id" value="<?php echo $id ?>">
> <?php
> }
> ?>
> </td>
> <td align="left" valign="top">Section<font size="1"></font>:</td>
> <td align="left" valign="top">
> <input type="text" name="section" value="<?php echo $section ?>"
> size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top">Sub-Section: </td>
> <td align="left" valign="top">
> <input type="text" name="subsection" value="<?php echo $subsection
> ?>" size="35" maxlength="100" <?php include('../../../scripts/forms.css'); ?>>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top">Heading Graphic: </td>
> <td align="left" valign="top">
> <input type="text" name="heading" value="<?php echo $heading ?>"
> size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top">Section Title: </td>
> <td align="left" valign="top">
> <input type="text" name="title" value="<?php echo $title ?>"
> size="35" maxlength="255" <?php include('../../../scripts/forms.css'); ?>>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top" colspan="2"> </td>
> </tr>
> <tr>
> <td align="left" valign="top">Document Information: </td>
> <td align="left" valign="top">
> <textarea cols="35" name="info" rows="5" <?php
> include('../../../scripts/forms.css'); ?>><?php echo $info ?></textarea>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top"> </td>
> <td align="left" valign="top"> </td>
> </tr>
> <tr>
> <td align="left" valign="top">Event Entry: </td>
> <td align="left" valign="top">
> <?php echo $entry ?>
> </td>
> </tr>
> <tr>
> <td align="left" valign="top"> </td>
> <td align="left" valign="top"> </td>
> </tr>
> <tr>
> <td align="left" valign="top">
> <input type="Submit" name="submit" value="Enter information"
> border=0 alt="Enter Information" style="background-color: 000000;
> font-size: 14; color: cccccc;">
> </td>
> <td align="left" valign="top"> </td>
> </tr>
> <tr>
> <td align="left" valign="top"> </td>
> <td align="left" valign="top"> </td>
> </tr>
> </table>
> </form>
>
> <?php
> }
> ?>
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
