Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 7 of 7
  1. #1
    Senior Member
    Join Date
    Aug 2011
    Posts
    217
    Member #
    29153
    Liked
    4 times
    I have a web site set up where I allow users to share(copy) information with each other. If one user has something stored that has an apostrophe, it messes up the copying process. How can this be fixed?

  2.  

  3. #2
    Senior Member
    Join Date
    Aug 2011
    Posts
    217
    Member #
    29153
    Liked
    4 times
    The php code looks like this.


    $results = mysql_query("SELECT * FROM questions WHERE user = '$shareduserName' AND subject = '$subject' AND topic = '$topic'");
    mysql_query("INSERT INTO topics (userid, subject, topic) VALUES ('$user', '$mysubject', '$mytopic')");

    while ($row = mysql_fetch_array($results)) {
    $question = $row['question'];
    $answer = $row['answer'];


    mysql_query("INSERT INTO questions (user, subject, topic, question, answer, ordernum) VALUES ('$user', '$mysubject', '$mytopic', '$question', '$answer', $count)");

    $count++;
    }

  4. #3
    Member
    Join Date
    Apr 2011
    Posts
    81
    Member #
    27344
    Liked
    3 times
    if i am understanding you well, let us say that you want to insert Maria'Ann as user into your database. You have to use the following code:

    "INSERT INTO questions (user, subject)
    VALUES('Maria\'Ann',$subject)";

    In this way you are escaping the ' as \' otherwise the mysql will treat is an the end of the string to be inserted and will cause an error.

    i hope this explains.

  5. #4
    Senior Member
    Join Date
    Aug 2011
    Posts
    217
    Member #
    29153
    Liked
    4 times
    Quote Originally Posted by onlinespider, post: 229303
    if i am understanding you well, let us say that you want to insert Maria'Ann as user into your database. You have to use the following code:

    "INSERT INTO questions (user, subject)
    VALUES('Maria\'Ann',$subject)";

    In this way you are escaping the ' as \' otherwise the mysql will treat is an the end of the string to be inserted and will cause an error.

    i hope this explains.
    Actually, what I'm trying to do is copy it from one table to another. Users are able to copy information from someone else's profile to their own.

  6. #5
    Member
    Join Date
    Apr 2011
    Posts
    81
    Member #
    27344
    Liked
    3 times
    have you passed all inputs through mysqli_real_escape_string() function before being saved in the first table?

    $escaped_data=mysqli_real_escape_string($database_ connection,$_POST['data']);

  7. #6
    Senior Member
    Join Date
    Aug 2011
    Posts
    217
    Member #
    29153
    Liked
    4 times
    Quote Originally Posted by onlinespider, post: 229312
    have you passed all inputs through mysqli_real_escape_string() function before being saved in the first table?

    $escaped_data=mysqli_real_escape_string($database_ connection,$_POST['data']);
    No, I haven't.

  8. #7
    Member
    Join Date
    Apr 2011
    Posts
    81
    Member #
    27344
    Liked
    3 times
    Quote Originally Posted by Glenn, post: 229326
    No, I haven't.
    mysqli_real_escape_string() function will escape dangerous characters when inputted by the user and therefore increase security.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 12:17 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com