[Resolved] Inserting Apostrophes

Cynthia_Blue

I am running a Sybase Database and when a user enters text into a form with an apostrophe, the database errors.

So I'm most likely going to do some sort of replace on the string before it's insterted into the db, and then re-replace when it's pulled out.

I was thinking of using this:

$component = str_replace('\'', 'Chr(39)', $component);

This was suggested by a coworker. The Chr(39) is being interpreted as a literal in the database, which isn't a big deal really... but I was wondering if there were some better options out there.

Any suggestions? Thanks. 🙂

kevinsequeira

check these functions out

http://ca.php.net/manual/en/function.addslashes.php
http://ca.php.net/manual/en/function.stripslashes.php
http://ca.php.net/manual/en/function.htmlspecialchars.php

reg
kevin

Cynthia_Blue

Ah thank you. It seems htmlspecialchars () is working well for me. 🙂

mattr

Replace ' with ''. That will do it.

chriskl

What! Don't use htmlspecialchars - use addSlashes. Htmlspecialchars is totally wrong.

Chris

mattr

Although I agree that HTMLSpecialChars is not the way to go, Sybase ASE does not use slashes to escape strings. It follows the SQL specifications (unlike MySQL) that requires double single quotes.