Using ' in news...

Anon

I have an automated news page, which I thought was working until I found out that I couldn't use ' in it, ie I'm gives a mysql error, (Error: You have an error in your SQL syntax near 'm testing')' at line 1 )

There must surely be someone of getting around this, its rather annoying to be limited in this way, and help would be greatly appreciated.

(I've tried varchar and text for the entry)

Thanks

Anon

Try:

$output=str_replace ("'", "&#39;", $input);

Anon

Where should I put that?
I'm still pretty new, as you can probably tell and always put things in the wrong place!

Thanks

Anon

Use addslashes($value) in your MySQL insert. It adds backslashes before quotes.

Anon

I should probably mention that this is PHP3.

if ($submit) {

// here if no ID then adding else we're editing

if ($id) {

addslashes($newnews);
$sql = "UPDATE tablename SET date='$datepost',user='$useruse',news='$newnews' WHERE id=$id";

} else {

addslashes($newnews);
$sql = "INSERT INTO tablename (date,user,news) VALUES ('$datepost','$useruse','$newnews')";

}

It doesn't appear to like me.

Anon

Read the manual page for addslashes, stripslashes and all references to magic_quotes_gpc.

The addslashes and stripslashes functions return the modified string. You MUST assign that value to the original variable if you want to keep it. That's the fundamental error in your current code.

The magic_quotes_gpc functionality can be controlled by the PHP ini file and by functions that modify it on the fly. It automatically handles the task of escaping SQL metacharacters on incoming get/post/cookie data.

Anon

string addslashes (string str)

Thats whats in the manual, where I tried earlier, however I don't know that strings I'm talking about, I THINK this is the

$news which is the MySQL field I'm trying to put the news into...

But I'm not sure how to phrase it or anything, the manual on the site, and the 800\900 page manual I downloaded don't make it clear, neither do any of the given examples!

Thanks