Problem with &quot; ' &quot;

Problem with " ' "

badgoat

The ' thing is giving me a problem. I am sure there's a php function to allow someone to use the ', such as when entering a nem like O'Reilly into a db. What's the function?

Thanks!

devinemke

[man]addslashes[/man]
[man]stripslashes[/man]

badgoat

I was looking at the stripslashes in the manual and didn't think it was it since I could find no reference to apostrophes. =\

Quick follow-up question.. As the manual is unclear(to me) would I use addslashes on the form page or on the following page which enters the variables? The code below is what I have been trying to work addslashes into, but so far no luck.

$city =$HTTP_POST_VARS['city'];

Tried this:
$city = addslashes($HTTP_POST_VARS['city']);

didn't work.

devinemke

any data being entered into the database should be run thru [man]addslashes[/man] first. PHP automagically adds the slashes for you if magic_quotes_gpc is set to ON in your php.ini file. if you need to [man]stripslashes[/man] before the database insert (like displaying in the browser) then be sure to [man]addslashes[/man] back before feeding the data to your query.

badgoat

I checked to ensure that magic_quotes are turned off. Isn't this

$city = addslashes($HTTP_POST_VARS['city']);

correct ? It would seem to be, after doing more research. Does it make a difference that I am not using MySQL, but MSSQL?

execute

In other words, just do
$var = addslashes($POST['POST_var']);
$firstname = addslashes($POST['POST_firstname']);

$POST goes instead of $HTTP_POST_VARS... thats an old way of writing it. $POST is the new way. but remember its an ARRAY.

You can also just take a loop to take ALL POST variables and change them to simple variables like $var :

<?php
foreach($_POST as $key => $val){
$$key = addslashes($val);
}
?>

DO the addslashes script in the same page as the MySQL query, so, add it at the top of your script.

Then when you want to display it . Just in the page where they view it <?php
stripslashes(); ?> the mysql_fetch data.