HI,
Does anyone know how to get double quotes to insert into database?
I useBut it only works for the single quotes. All double quotes and everything in between are not inserted.PHP Code:$writer_thought = mysql_real_escape_string($writer_thought);
Thanks for you help.
Oh and the ini.php magic quotes are turned off already.
Thread: Double quotes inserts in MySql
-
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2008
- Posts
- 51
- Rep Power
- 6
Double quotes inserts in MySql
-
No Profile PictureContributing UserDevshed Loyal (3000 - 3499 posts)
- Join Date
- Jul 2003
- Posts
- 3,198
- Rep Power
- 593
You need to escape them by putting \ in front. However, I question why you are using 'mysql_real_escape_string'. That implies you are trying to use the deprecated MySQL extensions rather than PDO. If so you need to change that, then you use prepared statements instead.
There are 10 kinds of people in the world. Those that understand binary and those that don't. -
Contributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Aug 2011
- Location
- The Pleiades
- Posts
- 293
- Rep Power
- 8
Use prepared statements, you can leave the input exactly as it is and you won't get an error due to double quotes corrupting the query string, no need for escaping the quotations.
Regards,
NM.Last edited by Nanomech; February 12th, 2013 at 01:18 PM.
-
--Devshed Expert (3500 - 3999 posts)
- Join Date
- Jul 2012
- Posts
- 3,706
- Rep Power
- 1055
Hi,
as much as I agree regarding the prepared statements, this has nothing to do with the OP's question.
mysql_real_escape_string does escape quotes, that's exactly its purpose. So if there's a problem specifically with double quotes, there's clearly something wrong with either the input or the surrounding code. It might be a good idea to find that out.
@eropsy:
Please post your full query code, make a var_dump() of $writer_thought (before you call mysql_real_escape_string) and echo the query string. -
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2008
- Posts
- 51
- Rep Power
- 6
Well the single quotes insert no problem. The code
$writer_thought = mysql_real_escape_string($writer_thought);
$sql = "INSERT INTO $table (writer_thought,
....)
VALUES ('$writer_thought,
.....
)";
When I echo' <td> '. STRIPSLASHES(TRIM($writer_thought)).' </td> ';
both the double quotes and single quotes show's alright.
The problem is on the insert to MySQL
Jaques maybe right about the surrounding codes. I'm in the process of sniffing out what it is.
Thanks Everyone! -
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2008
- Posts
- 51
- Rep Power
- 6
Problem solved
Well, all it was was that somehow I managed to accidentall delete the
$writer_thought = stripslashes(TRIM($writer_thought));
In the form....
Everything is working now. -
--Devshed Expert (3500 - 3999 posts)
- Join Date
- Jul 2012
- Posts
- 3,706
- Rep Power
- 1055
That makes no sense. Why did you call stripslashes, anyway? You said you have turned magic quotes off.
But I guess since it's "working" now, the problem is done for you. However, do not forget what gw1500se and Nanomech said about prepared statements. Just because you got the code "working" somehow doesn't mean it's actually secure. -
No Profile PictureContributing UserDevshed Newbie (0 - 499 posts)
- Join Date
- Jun 2008
- Posts
- 51
- Rep Power
- 6
No idea why stripslashes are needed with Magic quotes turned off..
I'm in a learning phase still. Wouldnt be able to tell you why.
I'll have look into it. Prepared statements, security and all...
February 12th, 2013, 11:28 AM
Reply With Quote
February 12th, 2013, 11:33 AM
February 12th, 2013, 01:12 PM
February 12th, 2013, 01:25 PM
February 12th, 2013, 01:35 PM
February 12th, 2013, 02:19 PM
February 12th, 2013, 08:14 PM
February 12th, 2013, 09:47 PM
