apostrophe database help

michaelowen

hello,

my question is about returning values with special characters from the database. Apostrophe's have caused me the most problems.

When a use enters "O'Reilly" as a last name, it is returned FROM the database as "O\\\\\Reilly"

Should I use the stripslashes command, or should i strip the special characters when the user enters them into the database?

-Michael

-mike

laserlight

Show the smallest example of a script that demonstrates this problem.

Generally you need to escape the single quote before entering the data into the database, and this is done using addslashes() (unless magic_quotes_gpc is on, and it is by default) or by doubling the single quote.

michaelowen

would it be safer to remove all special characters before sending them to the db?

for example, "O'Reilly" would be "OReillly"?

Is there a command to do that?

-mike

laserlight

Yes, but then you'll be unncessarily altering valid data.

$str = str_replace("'", "", $str);

The one I use:
Data to database:

function prepIn($str) {
	if (get_magic_quotes_gpc() == 0) {
		return addslashes($str);
	}
	return $str;
}

I think the data coming from the database shouldnt be escaped, but I still use stripslashes() on it.