I'm replacing a single quote with the backward tick (`) symbol and inserting new records in MySQL with success. The owner has requested to see single quotes not the backward tick. How can I insert without using the str_replace method below? or does anyone have ideas where I can find sample code?
$sqlset = $sqlset . "Title";
$sqlset2 = $sqlset2 . "'" . str_replace("'", "`",$HTTP_POST_VARS["title"]) . "'";
Replace each single quote with two single quotes
$new_string = str_replace("'","''",$your_string);
$new_string = str_replace("'","''",$your_string);
$new_string = str_replace("double, single and double quotes, double, single, double qoutes, $your_string);
If so I tried this before without success. Does the code below look incorrect I have to have this format?
$sqlset2 = $sqlset2 . "'" . str_replace("'", "`",$HTTP_POST_VARS["title"]) . "'";
Change your back tick to be two single quotes.
Then I'd print out the value of $sqlset2 just to see what you are getting. Not sure what should be there, but it should be a string with single quotes on the outside and then doubled up single quotes within.
OK tried it and by typing in --> it's
the output was 'it\'s'
It's escaping somewhere below:
$sqlset2 = $sqlset2 . "'" . str_replace("'", "'",$HTTP_POST_VARS["title"]) . "'";
Now you're replacing a single quote with a single quote. That's not going to help much.
$sqlset2 = $sqlset2 . "'" . str_replace("'", "'",$HTTP_POST_VARS["title"]) . "'";
Change it to:
$sqlset2 = $sqlset2 . "'" . str_replace("'", "''",$HTTP_POST_VARS["title"]) . "'";