validate special characters entered from a form field

bgneuschafer

If I enter any of of the special characters from a form field, they won't process properly. I get the message:

Syntax error (missing operator) in query expression ''can\'t won\'t don\'t', '', 'R', '', 'N', '')'., SQL state 37000 in SQLExecDirect

I realize it automatically inserts the slash in front of these special characters, and I thought that was to keep the query from recognizing those characters

I do reassign the string to a new page after I submit the fields with this line:

$Description=$_POST['Description'];

Then I execute my query statement. What could I be doing wrong?

zapa

you can try to use addslashes() or stripslashes(), for dealing with quoates and what not

bgneuschafer

I updated the first error message because the slashes didn't echo into the sentense. That's the way it looks without any function call of addslashes or stripslashes.

This is how my query string reads:

"insert into August2004Releases (ID, Date_Entered, Time_Entered, Platform, Reported_by, Subject, Description, Issue_Type, Assigned_to, Status, Resolution) values ('".$ID."', '".$Date_Entered."', '".$Time_Entered."', '".$POST['Platform']."', '".$POST['Reported_by']."', '".$POST['Subject']."', '".$Description."', '".$POST['Issue_Type']."', '".$POST['Assigned_to']."', '".$POST['Status']."', '".$_POST['Resolution']."')";

Hopefully all these special characters output to my message.

zapa

so is it working right now? or still get some other error?

bgneuschafer

It's still not working. Again, the error message shows a slash in front of each apostrophe. If I use the addslashes() function, it just shows an error message with the extra slashes, and if I use the stripslashes() function, it just shows the error message without the slashes(as the user wrote it).