1
attock
PHP - Single and double quotes
  • 2007/4/6 21:45

  • attock

  • Not too shy to talk

  • Posts: 138

  • Since: 2006/8/20


Hi,

how can make use of the following logic in php:

if chr(') || chr(") isin Variable {
replace(' or " by sumthing that will enable me to perform MySQL query blah blah where x=variable)


Thanks

2
Dave_L
Re: PHP - Single and double quotes
  • 2007/4/7 0:01

  • Dave_L

  • XOOPS is my life!

  • Posts: 2277

  • Since: 2003/11/7


Use the PHP function addslashes() to escape the quotes.

Within XOOPS, you should use MyTextSanitizer::addSlashes():

$myts =& MyTextSanitizer::getInstance();
$x = $myts->addSlashes($x);
$query = "SELECT * FROM `table` WHERE `column` = '$x'";

3
attock
Re: PHP - Single and double quotes
  • 2007/4/7 0:11

  • attock

  • Not too shy to talk

  • Posts: 138

  • Since: 2006/8/20


Actually I am using the same exact code, this is what I have:

$x = $myts ->addslashes($blahblah);

but before adding $x into mySQL, I am using the following:

$x = $myts->htmlSpecialChars($myts ->stripSlashesGPC($x));
Above Line: I saw it somewhere

Now in my mySQL, the ' is replaced by #039;s. One way would be to update all entries with #039;s to '. Or the other way will be to use string replace when callin from a php script.

So another question now, do I need to use the StripSlashes.. thing before adding into mySQL. But I am curious at the same time, how to output an entry with a ' from mySQL for future ref.


Thank for your help

Login

Who's Online

301 user(s) are online (237 user(s) are browsing Support Forums)


Members: 0


Guests: 301


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits