The popular &quot; and ' problem

The popular " and ' problem

Anon

I started with PHP and MySQL last week, and rapidly managed to create PHP pages that allow me to enter, edit and delete data in my database. All fine.
Until I insert text containing " and ' into CHAR fields.
The quotes and double-quotes get inserted just fine into the database - no problems there.
The problem I have is that when I query my database for records such as

"won't"

(NOTE: the double-quotes ARE part of my record entry) then the search finds no match.
I have tried using AddSlashes and StripSlashes but they dind't help.
Things like the entry

can't

work fine... I can enter these, edit them, search on them... all fine, but when I try to search on anything containing double-quotes I hit a brick wall.

I've been scouring the internet for a clear answer to this but found nothing that explains how I can avoid this.

HELP?

I know there are hundreds more people out there facing the same problem - I've seen their tales of woe in the discussion groups... can SOMEONE please publish a page that will put us out of our misery?

Many Thanks,
B

Anon

The best way to deal with quotes and MySQL is to always use single quotes in your queries and use addslashes() at all times. Here's an example:

$name = addslashes ($HTTP_POST_VARS["name"]);
$description = addslashes ($HTTP_POST_VARS["description"]);

$rs = mysql_query ("SELECT * FROM profile WHERE name='$name'");

if ($rs && mysql_num_rows ($rs) > 0)
{
echo "Person with this name already exists, choose another.\n";
exit;
}

mysql_query ("INSERT INTO profile (name, description) VALUES ('$name', '$description');

echo "Added '", stripslashes ($name), "' succesfully.\n";

I haven't encountered a problem with this method yet.

Anon

Eden, thanks for the help, but I'm not getting any further.. I'll try and explain what I'm doing:
I have a data-entry page that successfully lets me enter text data such as
"won't"
I then have a search menu that I build by doing a
SELECT DISTINCT FROM PROG_NAME FROM PROG_TABLE
This drop-down is in a form that uses GET to send the selected option to my next page. The menu successfully offers the entry I typed in .. i.e.[ "won't" ]
However, when I select "won't" in my menu and submit the form, I don't think the PROG_NAME makes it to the next form... and no amount of addslashes helps at all...
Having tested entries such as [ Sorry, I "can't" ], these are shown in the menu,
but only the [ Sorry, I ] makes it to the next page.

I assume it's something I'm doing wrong in sending the menu option to the next page:
All I have is a form like so:
$query = mysql_query("
SELECT DISTINCT PROG_NAME FROM PROG_TABLE
");

$count = 0;
$var0 = "";

//Output the initial part of the form
echo '<p>Select a program to search for:</p>';
echo '<form name="form1" form method="get" action="PROG_TABLE_SEARCH_FORM.php3">';
echo '	<select name="PROG_NAME">';

// Now output an option for each occurrence of a program
while ($column = mysql_fetch_array($query)) {
	$var0=$column["0"];

	if ($var0 != null) {
		$count = ($count + 1);
	}


	//Test to see if any PROG_NAME entries were found in our table... if not, o/p error msg:
	if ($count==0) {
		echo 'Sorry - no programs are available to search on in the PROG_NAME field in the PROG_TABLE table of the ssa database.';
	}

	// Output one option for each occurrence of a PROG_NAME that was found
	echo '  	<option value="';echo"$var0";echo'">';echo"$var0";echo'</option>';
}

// Now close the menu selection section
echo '	</select>';

// Now add a Submit button
echo '	<input type="submit" name="Submit" value="Search">';

// Now close the form
echo '</form>';