How to remove Apostrophes (')?

grwd

I have several PHP forms that gather data which is temporarally stored in mySql tables. The data in these tables is then downloaded to my desktop and subsequent queries processes the data.

Apostrophes in user input is breaking these queries. Therefore I want to remove the apostrophes.

Will someone please provide a code sample of how to strip the apostrophes from variables?

laserlight

Lookup [man]addslashes/man or [man]mysql_escape_string/man

Note that if magic_quotes_gpc is set to 1 in php.ini, then incoming variables would be automatically escaped.

grwd

True, BUT when the apostrophes (escaped or not) hit my queries in my Delphi application - it breaks the query.

Will THIS remove the apostrophes?:

$value = str_replace("'","",$value);
???

thorpe

yes that will remove apostrophes, and also break your users inputed puntuation.

escaping these characters is your best bet.

laserlight

Backslashes are what MySQL uses to escape single quotes.
Some other RDMS use the doubling of single quotes.

If Delphi has a problem with sending escaped queries to MySQL, then Delphi has a problem.

That's not PHP's problem, and its not MySQL's problem either.