Replacing Quotes in PHP3 for MySQL Database
I am creating a MySQL database that the user may enter information into. However, if they use quotes, it screws up the MySQL syntax. For example, here is a line for a query.
$query = "INSERT INTO users (Name, Info) VALUES ('$value1', '$value2')";
mysql_query($query);
OK, the problem happens when the end user puts quotes into the values. This closes the string for the query and causes errors in the actual data storage.
Any ideas how to replace the double quotes?
------------------
Visit the dLo.Network
http://dlo.net
Anonymous posted this at 06:00 — 25th March 2000.
They have: 5,633 posts
Joined: Jan 1970
Randall,
You have two options:
1) Use the htmlspecialchars() function... This changes special characters like the ' and the " to their HTML counterpart. Reference http://www.php.net/manual/function.htmlspecialchars.php for more information on this function.
2) Use the addslashes() function. Add slashes basically escapes special characters, like the " and the ' ... Both can cause problems with MySQL... This is the one that I use. I use it because it doesn't convert any code and give you the ugly &#...; looking things. Reference http://www.php.net/manual/function.addslashes.php for more information on this function.
Hope that helps.
------------------
TWF Administrator
[This message has been edited by Chad Simper (edited 25 March 2000).]
Randall posted this at 03:00 — 26th March 2000.
They have: 141 posts
Joined: Aug 1999
Thanks! AddSlash is just the function I am looking for! With so many functions PHP can get confusing... I was trying to use ereg_replace(), but it wouldn't work with double quotes.
------------------
Visit the dLo.Network
http://dlo.net
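Added example, not part of the original thread: the INSERT from the question run with quoted input, next to the same insert done with bound parameters, where the SQL text never contains the user's values. It assumes PDO with an in-memory SQLite database as an offline stand-in for MySQL (neither appears in the thread); the sample values are constructed.

```php
<?php
// Added example (not from the thread). Requires the pdo_sqlite extension.
// Table and column names follow the query in the question; PDO and the
// SQLite in-memory database are assumptions made so this runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (Name TEXT, Info TEXT)');

// Constructed sample input containing both kinds of quote.
$value1 = "O'Brien";
$value2 = 'He said "hi" and it\'s stored as typed';

// 1) The query from the question. The apostrophe in $value1 ends the SQL
//    string literal early, so the database sees O, then stray text.
$query = "INSERT INTO users (Name, Info) VALUES ('$value1', '$value2')";
try {
    $db->exec($query);
    echo "interpolated query: stored\n";
} catch (PDOException $e) {
    echo "interpolated query: rejected (", $e->getMessage(), ")\n";
}

// 2) Bound parameters. The statement text is fixed; the values travel
//    separately as data, so quotes in them never reach the SQL parser.
$stmt = $db->prepare('INSERT INTO users (Name, Info) VALUES (:name, :info)');
$stmt->execute([':name' => $value1, ':info' => $value2]);

// 3) Read the row back and confirm it is byte-for-byte what was entered,
//    with no backslashes or HTML entities stored in the table.
$row = $db->query('SELECT Name, Info FROM users')->fetch(PDO::FETCH_ASSOC);
var_dump($row['Name'] === $value1);
var_dump($row['Info'] === $value2);

// 4) htmlspecialchars() is applied at the point the value is written into
//    an HTML page, not before it goes into the database.
echo '<td>', htmlspecialchars($row['Info'], ENT_QUOTES, 'UTF-8'), "</td>\n";
```

Against MySQL the same prepare/execute calls work unchanged with a `mysql:` DSN in place of `sqlite::memory:`.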