...

View Full Version : str_replace Problem & single quotes...



rynox
10-14-2004, 04:41 PM
I'm trying to take a user-inputted string and insert into a database. So when I'm building the query in PHP, I want to replace a single quote ' with two-single quotes '' (not a double quote) so that SQL can parse the query correctly. Sounds simple, but I keep getting strange results. Here is the code in question:

...str_replace("''","'",$_POST['Title'])...
For example, when the $_POST['Title'] variable = Ptty 359 Won't Boot
The resulting string is:

Ptty 359 Won\''t Boot
Why is PHP so kind as to add the slash in there? It's causing my SQL query to bomb. Help, I'm pulling my hair out.

Nightfire
10-14-2004, 05:24 PM
You need to use stripslashes() (http://php.net/stripslashes)

rynox
10-14-2004, 05:56 PM
I tested on this data: Ptty 359 Won't Boot http:\\Test.com\Index.php

On the code
stripslashes(str_replace("''","'",$_POST['usr']))
And the results were perfect.

Ptty 359 Won''t Boot http:\\Test.com\Index.php

Thanks! :thumbsup:

rynox
10-14-2004, 06:47 PM
The code above works for MS-SQL, I had to make a correction in my abstraction to get it to work with MySQL. MySQL removes \ & changes \\ to \ so I was losing user-entered slashes.

str_replace("\\","\\\\",stripslashes(str_replace("'","''",$teststr)))
:eek:



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum