RE: [PHP] submitting free-form text to a database

Mon, 16 Jul 2001 10:09:42 -0700 

for the quotes thing.  you must have single quotes around the
values that will go to the database, and you must escape single
quotes inside the value with either "''" or "\'" (at least in 
MySQL, both work)

and as for the database... IMO, you should download MySQL now and
save yourself a ton of trouble porting/updating code later on.

MySQL is free, fast, good, stable, etc.  Everything i hear about
Microsoft databases leads me to believe that they're buggy, slow,
and incompatible with most other databases.  

if you write the entire thing for MS-access, you'll probably have
to re-write half the database access code when you decide to
switch to MySQL... so better to do it sooner than later and save
yourself the work down the road.  :-)

> -----Original Message-----
> From: garman [mailto:[EMAIL PROTECTED]]
> Subject: [PHP] submitting free-form text to a database
> 
> 
> Hello.  I'm creating a simple "Classifieds" PHP application.  It allows users 
> to view classifieds by category, and add new items to the database.  For now, 
> I'm using MS Access 97 as my database (although eventually I would like to 
> switch to MySQL).
> 
> Anyway, one element of a classified is the description.  I have a "textarea" 
> box where the user enters a description of the item he is selling.  If the 
> user's input contains an apostrophe (aka a single quote "'") or even a double 
> quote, the code gets confused.
> 
> A single quote is used around values in an SQL update command.  So if the 
> value itself contains a single quote (or multiple single quotes) I get an SQL 
> error when trying to update the database (understandably so).
> 
> When the user input contains double quotes, PHP gets confused and thinks other 
> form variables aren't set, which then confuses the SQL update command.
> 
> What kind of form processing do I need to do to fix these things?
> 
> Thanks,
> Matt

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to