Re: Re(2): Test (fwd) - Mailing list pgsql-php

From Mitch Vincent
Subject Re: Re(2): Test (fwd)
Date
Msg-id 004601c0f525$8b7d3e90$0200000a@Mitch
Whole thread Raw
In response to Test (fwd)  (Chadwick Rolfs <c2304182@webdevel.urban.csuohio.edu>)
Responses Re: Re(2): Test (fwd)
List pgsql-php
    The apostrophe being a special character in PostgreSQL (and most other
databases), it needs to be escaped if you wish it to go nicely into a
query..
addslashes() and related functions will help there.

    Another thing to keep in mine is htmlspecialchars() -- it's very useful
when someone might put a double quote in your form field -- which could
seriously mess up when you have something like <INPUT TYPE="TEXT"
NAME="Whatever" VALUE="this is what I'm "talking" about"> , sort of thing.

    I missed the first post so please excuse me if I'm way off base.. Good
luck!

-Mitch


----- Original Message -----
From: "Adam Lang" <aalang@rutgersinsurance.com>
To: <pgsql-php@postgresql.org>
Sent: Thursday, June 14, 2001 1:28 PM
Subject: Re: Re(2): [PHP] Test (fwd)


> It could fluctuate on each database, so always check the appropriate
> documentation, but...
>
> the standard way usually is to double the apostrophe
>
> O'Brien would be O''Brien  (the middle is two apostrophes, not a quote)
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Gary Hoffman" <ghoffman@ucsd.edu>
> To: <pgsql-php@postgresql.org>
> Cc: <aalang@rutgersinsurance.com>
> Sent: Thursday, June 14, 2001 1:12 PM
> Subject: Re(2): [PHP] Test (fwd)
>
>
> > aalang@rutgersinsurance.com writes:
> > >
> > >Plus, you have to make sure to check for apostrophes.  That will break
> > >your
> > >SQL statement if someone typed them into the text field.
> > >
> >
> > Well, this caveat had never occured to me. So how does someone enter
> > strings with enclosed apostrophes, as in the Irish surname O'Mallory or
> > the Yemeni placename Sana'a?
> >
> > Gary
> >
> >
**************************************************************************
> > * Gary B. Hoffman, Computing Services Manager  e-mail: ghoffman@ucsd.edu
*
> > * Graduate School of International Relations and Pacific Studies (IR/PS)
*
> > * University of California, San Diego (UCSD)       voice: (858) 534-1989
*
> > * 9500 Gilman Dr. MC 0519                            fax: (858) 534-3939
*
> > * La Jolla, CA 92093-0519 USA             web: http://www-irps.ucsd.edu/
*
> >
**************************************************************************
> >
> >
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
>


pgsql-php by date:

Previous
From: Timothy_Maguire@hartehanks.com
Date:
Subject: Re: Re(2): Test (fwd)
Next
From: "Mitch Vincent"
Date:
Subject: Re: Re: Re(2): Test (fwd)