RE: replace single and double quotes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Assumning $act_id is integer:

$act_extra = mysql_real_escape_string($_POST[editextra]);
$act_extra_fr = mysql_real_escape_string($_POST[editextrafr])
$act_id = $_POST[editid];

$sql = sprint("UPDATE activities SET act_extra='%s', act_extra_fr='%s' WHERE
act_id=%d", $act_extra, $act_extra_fr, $act_id);

Notice the %d for the id part if $act_id should be integer.

/Peter


-----Original Message-----
From: afan@xxxxxxxx [mailto:afan@xxxxxxxx] 
Sent: Tuesday, August 29, 2006 8:28 PM
To: rv@xxxxxxxx
Cc: php-general@xxxxxxxxxxxxx
Subject: Re:  replace single and double quotes

since I had something similar as a problem, let m etry to anser ang see
did I get it correct :)

first, and most important: never store in DB row submitted string

$act_extra = mysql_real_escape_string($_POST[editextra]);
$act_extra_fr = mysql_real_escape_string($_POST[editextrafr])
$act_id = mysql_real_escape_string($_POST[editid]);

then:
$sqledit = "
    update activities
    set act_extra='".$act_extra."',
    act_extra_fr = '".$act_extra_fr."'
    where act_id = '".$act_id."'";

to check:
echo $sqledit;

it should work now.

hope this helped.

-afan



> This is the code is use to insert/update text into a database field:
>
> $sqledit="update activities set act_extra='$_POST[editextra]',
> act_extra_fr='$_POST[editextrafr]' where act_id=$_POST[editid]";
>
> Now both $_POST[editextra] and $_POST[editextrafr] can contain single or
> double quotes.
> So the query almost always gives me an error.
>
> I know I have to replace " with &quot, but I do not know how to replace
> the
> single quote so it is shown as a single quote on a webpage when I get it
> from the database
>
> I have been looking into str_replace and preg_replace. But what I really
> need is a solution that 'replaces' single quotes, double quotes en curly
> quotes so I tackle all possible problems and the same text as it was
> inputed
> in the textarea is shown on the webpage.
>
> Thx in advance
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux