[PHP] Re: Should I convert special characters before writing them to a table?

Thu, 04 Oct 2001 07:11:00 -0700 

Hi

ASFAIK, the quote character (') is used in ANSI-SQL (and also in MySQL)
as string-delimiter... (e.g. "SELECT * FROM users WHERE name = 'admin';")

So I definitvely would replace the character or you'll might run into 
problems with SQL. 

Maybe there's another and better solution, but it should be no big thing to 
exchange the quotes quickly.

-- Cheers, Oliver




[EMAIL PROTECTED] (René fournier) wrote in
[EMAIL PROTECTED]:">news:[EMAIL PROTECTED]: 

> The reason I ask is, I'm having a problem processing rows in a table
> that contain single quotes (specifically, the PHP code I wrote that
> allows the user to duplicate a row doesn't work if the a field in the
> row has a single quote in it).
> 
> Would it be better for me to strip out the single quotes before the
> rows are written, replacing them with another special [harmless]
> character, and just dynamically swapping that character out for the
> orginal when the row is displayed?  Any thoughts?  I just started doing
> this PHP/MySQL thing a couple weeks ago, and I realize I have a lot to
> learn.  Any suggestions would be much appreciated.
> 
> Oh, and by the way, here is the PHP code for duplicating rows that
> fails to execute when a field in the row it's processing contains a
> single quote. 
> 
> =====================================
> // DUPLICATE
>    if ($action == "dup") {
> 
>           $result = mysql_query("SELECT * FROM $table WHERE
>           id=$id",$db); $myrow = mysql_fetch_array($result);
> 
> $comma = "";
> 
> for ($i = $priv; $i < $columns; $i++) {
>      $fld = mysql_field_name($fields, $i);
>     $set .= $comma."$fld='".$myrow[$i]."'";
>     $comma = ", ";
>      }
> 
>         // run SQL against the DB
>        $sql = "INSERT $table SET $set";
>        $result = mysql_query($sql);
> 
>    $affected = $id;
>    echo "<td width=10><img border=0 src=../../common/spacer.gif
>    width=10 
> height=1></td><td align=center valign=middle bgcolor=#eeeeee><span
> class=adminnormalgrey>Record duplicated</span></td>";
>      }
> =====================================
> 
> Thanks.
> 
> ...Rene
> 
> ---
> Rene Fournier
> [EMAIL PROTECTED]
> 
> 
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to