Actually I think the problem is before you can use either addslashes or mysql_escape_string() functions. The value with " or ' never reaches the database. I think I need a way to ignore quotes for input values in HTML.
On Mar 22, 2004, at 12:17 PM, Jimmy Brock wrote:
Matt, love your show!
Use the addslahses function to escape ' " \ characters. See http://php.net/addslashes for details.
Actually, you shouldn't use addslashes, but a database specific function like mysql_escape_string().
http://phundamentals.nyphp.org/PH_storingretrieving.php
Regards,
Filip de Waard
Jimmy Brock
"Matthew Perry" <mwperry@xxxxxxxxxxx> wrote in message news:405E6BD8.9010502@xxxxxxxxxxxxxx
I am trying to allow my users to enter quotes in their strings. For
instance instead of writing: 2 inch rod, they can write 2 " rod. The
problem is, of course, that " ends the string and all that is saved is
any value before the ". How do I get around this without using textarea?
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Say I have this:
<input type="text" size = "2" name="Q">
And my user enters: 2 " copper tubing
The value for "Q" will be: 2
When I add it to the database with addslashes there will be no ", ' or \ to add a slash to!
And when I retreive it from the database and use mysql_real_escape() there will be the same problem.
Thank you for your time, and yes I am the real Matthew Perry of course.
Matthew Perry
-- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
