Problem inserting text with single qoutes

scoyle74

Hello all, hopefully someone will be able to help me.

I have a development mysql database (MySQL 4.0.0-alpha-nt ) running on Windows.

I have a form that is able to successfully insert text that contains single quotes text to the database/table I have created.

ex) can't, won't, didn't, etc...

Now when I copy the php code/page to my production mysql database (MySQL 4.0.16a ) running on FreeBSD with Apache as the web server, the form is unable to insert the text.

From what I can tell the problem lies in the fact that when the insert statements are prepared the single quotes are not being escaped properly.

Is there some system/environment variable I need to ensure is set properly. I have looked and am unable to find any thing that is set differently.

By the way, I am not escaping the string using any special scripts or commands (I know I should be...).

any help would be greatly appreciated, I know there is probably a very simple solution to this.

thanks,
Scott 😕

rachel2004

It sounds like magic_quotes_gpc = ON is set on your development server, thus it escapes your quotes automatically.

Short of enabling this same setting on your production PHP server, you may want to consider using the functions:

mysql_escape_string()

addslashes()

There is a third option, which could be considered the safest, which is to manually escape your quotes with the backslash character. This could be tedious, however, if you have a lot of strings to escape.

scoyle74

rachel2004, you got it first try. 😃 the magic_quotes_gpc is set to off on my production server. I would normally escape the characters but due to the nature of the form, I can't guarantee that they will be used as well, as you guessed I have a lot of strings and it would be very tedious.

thanks alot,
Scott