I've nearly completed converting Wheatblog to sqlite. It's been quite a
learning experience! I've come across a problem I haven't been able to
figure out, though.
Whenever I made a blog post that had a forward quote character (') in either
the title or the body of the post, I'd get an error.
After a little Googling, I changed my query to:
$query = "INSERT INTO $database_table
(id, day, month, date, year, category, title, body, showpref)
VALUES (null,
'" . sqlite_escape_string($_POST['the_day']) . "',
'" . sqlite_escape_string($_POST['the_month']) . "',
'" . sqlite_escape_string($_POST['the_date']) . "',
'" . sqlite_escape_string($_POST['the_year']) . "',
'" . sqlite_escape_string($_POST['the_category']) . "',
'" . sqlite_escape_string($_POST['the_title']) . "',
'" . sqlite_escape_string($_POST['the_body']) . "',
'" . sqlite_escape_string($_POST['the_showpref']) . "')";
DB_query($query, $db);
and the definition of DB_query is:
function DB_query($cmd, $db)
{
$retval = sqlite_query($db, "$cmd")
or die('Query Error: ' . sqlite_error_string(sqlite_last_error($db)));
return $retval;
}
This works in the sense that forward quotes no longer generate an error.
However, whenever I print out a blog post, the forward quotes are all
escaped. So if I post:
This contains a ' character.
The post, when printed looks like:
This contains a \' character.
What's the proper way to ensure that ' characters are properly quoted but
don't show up in the output?
Thanks!
Pete
--
Save Star Trek Enterprise from extinction: http://www.saveenterprise.com
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
