
Inserting a record with an apostrophe in MySQL and PHP

This is not working and I've tried a lot of things. htaccess file specifying magic off. Code below is abbreviated for quickness.

Here's my PHP:

$name=mysql_real_escape_string($_POST['textfield']['name']);

Here's my SQL command:

$sql="INSERT INTO tblmentors (name) VALUES ('$name')";
mysql_query($sql) or die (mysql_error());

If there's an apostrophe in the form textfield, slashes are stored and screwing up everything.

There is some "magic sanitize" function used in your application to "cleanse" user input.
Being totally useless, it is also spoiling your data as well.

You have to locate and get rid of it.

Double-check magic quotes too. On modern servers .htaccess just doesn't work.

And you definitely have to move toward prepared statements instead of manual escaping.

You can try to disable magic quotes.

If that fails, try this:

// I prefer to stripslashes() then mysql_real_escape_string().
// If you want, just skip it and do mysql_real_escape_string inside the else part.

if (function_exists ('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
   $tmp = stripslashes ($_POST['textfield']['name']);
}
else
{
   $tmp = $_POST['textfield']['name'];
}

$name = mysql_real_escape_string ($tmp);
$sql = "INSERT INTO tblmentors (name) VALUES ('{$name}')";
mysql_query ($sql) or die (mysql_error ());
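
The prepared-statement approach recommended in the first answer, as an added example that is not part of the original posts. It assumes PDO; the helper function names and the sample form data are constructed, and an in-memory SQLite database stands in for MySQL so the script runs without a server. The second insert shows the symptom from the question: a value that was already slash-escaped before it reached the query is stored with the backslash in it.

```php
<?php
// Added example: constructed input, hypothetical helper names.
// SQLite in memory keeps this runnable offline; for MySQL, use a DSN such as
// 'mysql:host=...;dbname=...;charset=utf8mb4' with your own credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tblmentors (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// Read the nested form field and reject anything that is not a string
// (a request can send textfield[name][]=x, which makes it an array).
function mentor_name_from_post(array $post): string
{
    $raw = $post['textfield']['name'] ?? null;
    if (!is_string($raw) || $raw === '') {
        throw new InvalidArgumentException('textfield[name] must be a non-empty string');
    }
    return $raw;
}

// The value travels as a bound parameter, so no escaping function is
// involved and nothing adds backslashes to it.
function insert_mentor(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO tblmentors (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function stored_name(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT name FROM tblmentors WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$post = ['textfield' => ['name' => "Conan O'Brien"]];   // constructed form data
$name = mentor_name_from_post($post);

// Case 1: the raw value is bound directly.
$cleanId = insert_mentor($pdo, $name);
// Case 2: a "sanitize" layer or magic quotes has already run addslashes().
$mangledId = insert_mentor($pdo, addslashes($name));

foreach (['bound raw value' => $cleanId, 'pre-escaped value' => $mangledId] as $label => $id) {
    $stored = stored_name($pdo, $id);
    echo $label, ': ', $stored, ' (', $stored === $name ? 'intact' : 'altered', ")\n";
}
```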
