Hi,

how can make use of the following logic in php:

if chr(') || chr(") isin Variable {
replace(' or " by sumthing that will enable me to perform MySQL query blah blah where x=variable)


Thanks

Use the PHP function addslashes() to escape the quotes.

Within XOOPS, you should use MyTextSanitizer::addSlashes():

$myts =& MyTextSanitizer::getInstance();
$x = $myts->addSlashes($x);
$query = "SELECT * FROM `table` WHERE `column` = '$x'";

Actually I am using the same exact code, this is what I have:

$x = $myts ->addslashes($blahblah);

but before adding $x into mySQL, I am using the following:

$x = $myts->htmlSpecialChars($myts ->stripSlashesGPC($x));
Above Line: I saw it somewhere

Now in my mySQL, the ' is replaced by #039;s. One way would be to update all entries with #039;s to '. Or the other way will be to use string replace when callin from a php script.

So another question now, do I need to use the StripSlashes.. thing before adding into mySQL. But I am curious at the same time, how to output an entry with a ' from mySQL for future ref.


Thank for your help