Postgres &amp; &quot;

Postgres & "

amreiff

Probably a pretty easy question, but I've always had problems with this issue.

I have a Postgresql db running on a 'nix and maintaining it with custom php scripts through a web-based admin site. I am building a news related page where we could potentially quote people, add links, etc. My problem is double-quotes (") in the text or links. Here is my query:

$query = "INSERT INTO news_items ";
$query .= "VALUES ";
$query .= "(";
$query .= "nextval('news_items_seq'), ";
$query .= "'$day', ";
$query .= "'$month', ";
$query .= "'$year', ";
$query .= "'$month/$day/$year', ";
$query .= "'$headline', ";
$query .= "'$teaser_text', ";
$query .= "'$full_text' ";
$query .= ")";

There is potential for double-quotes in $headline, $teaser_text, and $full_text and php/sql doesn't like them. I know this can be done but am having a heck of a time figuring out what to do. I've tried variations on the query:

$query .= "\"$headline\", ";
$query .= "\"$teaser_text\", ";
$query .= "\"$full_text\" ";

but this doesn't seem to work. Any thought/ideas/HELP!? THANX!

smarlowe

You're being hit by PHP's autoexpansion of things inside double quotes.

$string1 = "\"Hello\"";
$string2 = '\"Hello\"';

are not the same.

The first results in a string of:

"Hello"

while the second gives us:

\"Hello\"

which is what you want. so, try it using single quotes around your \" and you should be fine.

Also, use the addslashes / stripslashes built in functions to do this.

$string = '"Man, what a day" said Tom.';
$string2 = addslashes($string);
print $string2;
$string3 = stripslashes($string2);
print $string3;