February 12th, 2013, 11:28 AM
-
Double quotes inserts in MySql
HI,
Does anyone know how to get double quotes to insert into database?
I use
PHP Code:
$writer_thought = mysql_real_escape_string($writer_thought);
But it only works for the single quotes. All double quotes and everything in between are not inserted.
Thanks for you help.
Oh and the ini.php magic quotes are turned off already.
February 12th, 2013, 11:33 AM
-
You need to escape them by putting \ in front. However, I question why you are using 'mysql_real_escape_string'. That implies you are trying to use the deprecated MySQL extensions rather than PDO. If so you need to change that, then you use prepared statements instead.
There are 10 kinds of people in the world. Those that understand binary and those that don't.
February 12th, 2013, 01:12 PM
-
Use prepared statements, you can leave the input exactly as it is and you won't get an error due to double quotes corrupting the query string, no need for escaping the quotations.
Regards,
NM.
Last edited by Nanomech; February 12th, 2013 at 01:18 PM.
February 12th, 2013, 01:25 PM
-
Hi,
as much as I agree regarding the prepared statements, this has nothing to do with the OP's question.
mysql_real_escape_string does escape quotes, that's exactly its purpose. So if there's a problem specifically with double quotes, there's clearly something wrong with either the input or the surrounding code. It might be a good idea to find that out.
@eropsy:
Please post your full query code, make a var_dump() of $writer_thought (before you call mysql_real_escape_string) and echo the query string.
February 12th, 2013, 01:35 PM
-
Well the single quotes insert no problem. The code
$writer_thought = mysql_real_escape_string($writer_thought);
$sql = "INSERT INTO $table (writer_thought,
....)
VALUES ('$writer_thought,
.....
)";
When I echo' <td> '. STRIPSLASHES(TRIM($writer_thought)).' </td> ';
both the double quotes and single quotes show's alright.
The problem is on the insert to MySQL
Jaques maybe right about the surrounding codes. I'm in the process of sniffing out what it is.
Thanks Everyone!
February 12th, 2013, 02:19 PM
-
Problem solved
Well, all it was was that somehow I managed to accidentall delete the
$writer_thought = stripslashes(TRIM($writer_thought));
In the form....
Everything is working now.
February 12th, 2013, 08:14 PM
-
That makes no sense. Why did you call stripslashes, anyway? You said you have turned magic quotes off.
But I guess since it's "working" now, the problem is done for you. However, do not forget what gw1500se and Nanomech said about prepared statements. Just because you got the code "working" somehow doesn't mean it's actually secure.
February 12th, 2013, 09:47 PM
-
No idea why stripslashes are needed with Magic quotes turned off..
I'm in a learning phase still. Wouldnt be able to tell you why.
I'll have look into it. Prepared statements, security and all...