[RESOLVED] pesky apostrophes

swall2

Hi,

I'm having problems retrieving rows from a table when the search criteria contains an apostrophe ('). I have been reading the other threads concerning this problem and I unfortunately haven't found anything that has helped.

Code:

if ($_POST['titulo']){

$clean['titulo'] = mysql_real_escape_string(trim($_POST['titulo']));

$sqlExtra .= " AND (titulo LIKE '".$clean['titulo']."%' OR titulo LIKE '% ".$clean['titulo']."%' OR titulo LIKE '%=".$clean['titulo']."%')";

}

So if I type in "Don't do that" it says that it doesn't exist when it does...

In the table, the inserts are done in a similar manner and I don't save any escape characters .

Using phpMyAdmin, the query works when I manually add the slashes (as it should) but the code doesn't want to add them. The real problem is in that on the server, magic_quotes are ON and I can't change that for various reasons, so I have been trying unsuccessfully to change that in the script using

ini_set ('magic_quotes_gpc', 0);
set_magic_quotes_runtime (0);

This seems to do absolutely nothing as the following code (taken from php.net) shows:

ini_set ('magic_quotes_gpc', 0);
echo get_magic_quotes_gpc(); 
echo "<br />"; 
echo $_POST['titulo'];
echo "<br />";
echo addslashes($_POST['titulo']);

The output is
1
Don't
Don't

Is there anything obvious that I may be missing? Woods for trees come to mind..
Thanks

rincewind456

Try

$clean['titulo'] = mysql_real_escape_string(addslashes(trim($_POST['titulo'])));

swall2

Cheers for the response but unfortunately it doesn't seem to work...I've also tried the

addslashes(addslashes($text))

ploy, but to no avail. The system won't take an extra slash...

rincewind456

<?php
set_magic_quotes_runtime (0);
$clean['titulo'] =mysql_real_escape_string(htmlspecialchars(trim($_POST['titulo'])));
echo $clean['titulo'];
// Outputs  Don\\\'t 

$clean['titulo'] =htmlspecialchars(trim($_POST['titulo']));
echo $clean['titulo'];
// Outputs  Don\'t 

$clean['titulo'] =addslashes(trim($_POST['titulo']));
echo $clean['titulo'];
// Outputs  Don\\\'t
?>

Use whichever suits you ;-))

swall2

Cheers rincewind, but I'm guessing the problem is in the configuration as my output is:

Don&#039t
Don&#039t
Don't

And when I do an echo of

echo get_magic_quotes_gpc();

it returns 1 as if I hadn't have written anything about
set_magic_quotes_runtime (0); or ini_set ('magic_quotes_gpc', 0);

rincewind456

Except that

get_magic_quotes_gpc();

only tells you the configuration setting, which you know already

Try

<?php
set_magic_quotes_runtime(0);
echo get_magic_quotes_runtime ( );
?>

this should return 0 as it checks the runtime configuration, and will prove one way or another that magic quotes is on or off.

swall2

Thanks for you help, I got it using a function in the adodb classes -

"WHERE titulo LIKE ".$DB->qstr("%".$titulo."%", get_magic_quotes_gpc())."

The qstr function deals with my magic_quotes problems whatever the setting.

Cheers