How to prevent apostrophe from being removed PHP MySQL
Question
I have a registration system which requests a users name. Some people have an apostrophe in their surname and it's preventing the data from being written to the MySQL database table (eg O'Hare).
I am using mysql_real_escape_string which is removing the apostrophe from the string. This would be fine except I need to use the value with the apostrophe against a Web Service, otherwise the Web Service will return false.
I was thinking I could do the name check with the Web Service before using mysql_real_escape_string, but could this present a security flaw? Or do SOAP Web Services already do their own checks for clean inputs?
Or is there a better way of passing through the variable whereby PHP retains the apostrophe but still keeps it secure and MySQL can accept it?
3 answers
solution1
7 ACCPTED 2010-11-25 10:23:16
You should show us some code, because mysql_real_escape_string will not remove an apostrophe, but only escape them.
Escaping means O'Hare will become O\\'Hare so that it can be inserted as a string: 'O\\'Hare' . Upon retrieval from the database, your value should still be the original O'Hare .
So, if the apostrophe is 'lost' there likely is an error somewhere else in your program logic.
The other option is to switch from using the MySQL library to the MySQLi or PDO library for accessing your database. The latter two support prepared statements. Prepared statements are generally thought as being the best practice for querying your database.
solution2
0 2010-11-25 10:23:47
mysql_real_escape_string() will not remove apostrophes.
Your problem is likely on the output side, or some other function messing with the input.
solution3
0 2011-10-01 16:16:41
在使用mysql_real_escape_string之前,您需要打开数据库连接,否则它将发生故障。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.