10-14-2004, 04:41 PM
I'm trying to take a user-inputted string and insert into a database. So when I'm building the query in PHP, I want to replace a single quote ' with two-single quotes '' (not a double quote) so that SQL can parse the query correctly. Sounds simple, but I keep getting strange results. Here is the code in question:

For example, when the $_POST['Title'] variable = Ptty 359 Won't Boot
The resulting string is:

Ptty 359 Won\''t Boot
Why is PHP so kind as to add the slash in there? It's causing my SQL query to bomb. Help, I'm pulling my hair out.

10-14-2004, 05:24 PM
You need to use stripslashes() (http://php.net/stripslashes)

10-14-2004, 05:56 PM
I tested on this data: Ptty 359 Won't Boot http:\\Test.com\Index.php

On the code
And the results were perfect.

Ptty 359 Won''t Boot http:\\Test.com\Index.php

Thanks! :thumbsup:

10-14-2004, 06:47 PM
The code above works for MS-SQL, I had to make a correction in my abstraction to get it to work with MySQL. MySQL removes \ & changes \\ to \ so I was losing user-entered slashes.