Double quotes inserts in MySql

HI,

Does anyone know how to get double quotes to insert into database?

I use

But it only works for the single quotes. All double quotes and everything in between are not inserted.

Thanks for you help.

Oh and the ini.php magic quotes are turned off already.

You need to escape them by putting \ in front. However, I question why you are using 'mysql_real_escape_string'. That implies you are trying to use the deprecated MySQL extensions rather than PDO. If so you need to change that, then you use prepared statements instead.

Use prepared statements, you can leave the input exactly as it is and you won't get an error due to double quotes corrupting the query string, no need for escaping the quotations.

Regards,

NM.

Hi,

as much as I agree regarding the prepared statements, this has nothing to do with the OP's question.

mysql_real_escape_string does escape quotes, that's exactly its purpose. So if there's a problem specifically with double quotes, there's clearly something wrong with either the input or the surrounding code. It might be a good idea to find that out.


@eropsy:

Please post your full query code, make a var_dump() of $writer_thought (before you call mysql_real_escape_string) and echo the query string.

Well the single quotes insert no problem. The code

$writer_thought = mysql_real_escape_string($writer_thought);

$sql = "INSERT INTO $table (writer_thought,
....)

VALUES ('$writer_thought,
.....
)";

When I echo' <td> '. STRIPSLASHES(TRIM($writer_thought)).' </td> ';
both the double quotes and single quotes show's alright.

The problem is on the insert to MySQL


Jaques maybe right about the surrounding codes. I'm in the process of sniffing out what it is.


Thanks Everyone!

Well, all it was was that somehow I managed to accidentall delete the

$writer_thought = stripslashes(TRIM($writer_thought));

In the form....

Everything is working now.

That makes no sense. Why did you call stripslashes, anyway? You said you have turned magic quotes off.

But I guess since it's "working" now, the problem is done for you. However, do not forget what gw1500se and Nanomech said about prepared statements. Just because you got the code "working" somehow doesn't mean it's actually secure.

No idea why stripslashes are needed with Magic quotes turned off..
I'm in a learning phase still. Wouldnt be able to tell you why.
I'll have look into it. Prepared statements, security and all...