Thread: escaping the '

escaping the '

From: Andy Lewis
I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.

I have a table that has 16 text fields in it. I have a PHP form that allows a
user to enter info into that field. When a user enters an ' as in " item's " the
query will fail. I have played around with it and can execute the query without
error if I escape the ' . Such as " item\'s "

Here's the big question:

Is there any way other than doing an ereg_replace(); in PHP to get around this
problem? If I do an ereg_replace("'", "\'", $f1) in the PHP file and execute it,
I have no problem. I don't recall having this problem in the earlier version of
Postgres.

As always, thanks in advance!

Andy



Re: [SQL] escaping the '

From: Eric McKeown
On Fri, 22 May 1998, Andy Lewis wrote:

> Date: Fri, 22 May 1998 09:00:35 -0500 (CDT)
> From: Andy Lewis <alewis@mpsi.net>
> To: pgsql-sql@postgreSQL.org
> Subject: [SQL] escaping the '
>
> I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
>
> I have a table that has 16 text fields in it. I have a PHP form that allows a
> user to enter info into that field. When a user enters an ' as in " item's " the
> query will fail. I have played around with it and can execute the query without
> error if I escape the ' . Such as " item\'s "
>
> Here's the big question:
>
> Is there any way other than doing an ereg_replace(); in PHP to get around this
> problem? If I do an ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> I have no problem. I don't recall having this problem in the earlier version of
> Postgres.

If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
in that file.  If set to 1, that should escape such quotes automatically
when using GET or POST to send the contents of your form to a processing
script.  If you're not using a php3.ini file (assuming you're running the
Apache module version), you can use the php3_magic_quotes_gpc directive in
*.conf or .htaccess.  Run httpd -h for details on all the various php
directives available...

eric

>
> As always, thanks in advance!
>
> Andy
>
>
>

***********************************************************
Eric McKeown                  ericm@palaver.net
Palaver                  http://www.palaver.net
332 N. Market St.             Phone:  (219) 253-8131
Monon, IN 47959                   Fax:  (219) 253-6800
***********************************************************



Re: [SQL] escaping the '

From: "Anton Stöckl"
Eric McKeown wrote:

> > I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
> >
> > I have a table that has 16 text fields in it. I have a PHP form that allows a
> > user to enter info into that field. When a user enters an ' as in " item's " the
> > query will fail. I have played around with it and can execute the query without
> > error if I escape the ' . Such as " item\'s "
> >
> > Here's the big question:
> >
> > Is there any way other than doing an ereg_replace(); in PHP to get around this
> > problem? If I do an ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> > I have no problem. I don't recall having this problem in the earlier version of
> > Postgres.
>
> If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
> in that file.  If set to 1, that should escape such quotes automatically
> when using GET or POST to send the contents of your form to a processing
> script.  If you're not using a php3.ini file (assuming you're running the
> Apache module version), you can use the php3_magic_quotes_gpc directive in
> *.conf or .htaccess.  Run httpd -h for details on all the various php
> directives available...

Or you can always escape the ' by another single quote -> select .. where
value = 'item''s' ..

-Tony

--
----------C-Y-B-E-R-S-O-L-U-T-I-O-N-S----------------
Anton Stöckl                    mailto:tony@cys.de
CyberSolutions GmbH             http://www.cys.de
Frankfurter Ring 193A           Phone +49 89 32369223
80807 Muenchen                  Fax   +49 89 32369220
------W-E----M-A-K-E----I-T----P-O-S-S-I-B-L-E-------

Re: [SQL] escaping the '

From: engelbert gruber
Andy Lewis wrote:

> I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
>
> I have a table that has 16 text fields in it. I have a PHP form that allows a
> user to enter info into that field. When a user enters an ' as in " item's " the
> query will fail. I have played around with it and can execute the query without
> error if I escape the ' . Such as " item\'s "
>
> Here's the big question:
>
> Is there any way other than doing an ereg_replace(); in PHP to get around this
> problem? If I do an ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> I have no problem. I don't recall having this problem in the earlier version of
> Postgres.
>

how about String Functions AddSlashes (RTFM)

> As always, thanks in advance!
>

minimum sweat

--
---------------------------------------------
 engelbert gruber
 METASYS Datentechnik
  - innsbruck/austria/europe
 email : Engelbert.Gruber@metasys.co.at

 webpg : http://www.metasys.co.at
---------------------------------------------
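
Added example, not part of any message in this thread: the two escaping styles suggested above (backslash before the quote, and the doubled quote) compared with sending the value as a bound parameter. It assumes Python's built-in sqlite3 with an in-memory database as a stand-in for the Postgres/PHP setup, and every function name and sample value is constructed for illustration.

```python
import sqlite3

def backslash_escape(value):
    # What the thread's ereg_replace("'", "\'", $f1) and AddSlashes do to a quote.
    return value.replace("'", "\\'")

def double_quote_escape(value):
    # SQL-standard form from the thread: a literal ' is written as ''.
    return value.replace("'", "''")

def store_as_literal(conn, escape, value):
    """Paste the escaped value into the SQL text; return what was stored, or None if the SQL fails."""
    conn.execute("DELETE FROM items")
    try:
        conn.execute("INSERT INTO items (name) VALUES ('%s')" % escape(value))
    except sqlite3.Error:
        return None
    return conn.execute("SELECT name FROM items").fetchone()[0]

def store_as_parameter(conn, value):
    """Send the value separately from the SQL text, so no escaping step is involved."""
    conn.execute("DELETE FROM items")
    conn.execute("INSERT INTO items (name) VALUES (?)", (value,))
    return conn.execute("SELECT name FROM items").fetchone()[0]

def compare(values):
    """Run each value through all three approaches and report what ended up in the table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (name TEXT)")
    results = {}
    for v in values:
        results[v] = {
            "backslash": store_as_literal(conn, backslash_escape, v),
            "doubled": store_as_literal(conn, double_quote_escape, v),
            "bound": store_as_parameter(conn, v),
        }
    return results

# Constructed sample form inputs, including one that already contains a backslash.
SAMPLES = ["item's", "plain", "it's Bob's", "a\\b's"]

if __name__ == "__main__":
    for value, outcome in compare(SAMPLES).items():
        print(repr(value), outcome)
```

Whether a backslash is an escape character inside a quoted SQL string depends on the database engine and its settings, so backslash escaping that works on one server breaks the statement on another; the bound parameter stores every sample unchanged without any escaping step.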