Thread: escaping the '
I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.

I have a table that has 16 text fields in it. I have a PHP form that allows a user to enter info into that field. When a user enters an ' as in " item's " the query will fail. I have played around with it and can execute the query without error if I escape the ' . Such as " item\'s "

Here's the big question:

Is there any way other than doing an ereg_replace(); in PHP to get around this problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it, I have no problem. I don't recall having this problem in the earlier version of Postgres.

As always, thanks in advance!

Andy

On Fri, 22 May 1998, Andy Lewis wrote:

> Date: Fri, 22 May 1998 09:00:35 -0500 (CDT)
> From: Andy Lewis <alewis@mpsi.net>
> To: pgsql-sql@postgreSQL.org
> Subject: [SQL] escaping the '
>
> I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
>
> I have a table that has 16 text fields in it. I have a PHP form that allows a
> user to enter info into that field. When a user enters an ' as in " item's " the
> query will fail. I have played around with it and can execute the query without
> error if I escape the ' . Such as " item\'s "
>
> Here's the big question:
>
> Is there any way other than doing an ereg_replace(); in PHP to get around this
> problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> I have no problem. I don't recall having this problem in the earlier version of
> Postgres.

If you're using a php3.ini file, check out the value of "magic_quotes_gpc" in that file. If set to 1, that should escape such quotes automatically when using GET or POST to send the contents of your form to a processing script. If you're not using a php3.ini file (assuming you're running the Apache module version), you can use the php3_magic_quotes_gpc directive in *.conf or .htaccess. Run httpd -h for details on all the various php directives available...

eric

> As always, thanks in advance!
>
> Andy

***********************************************************
Eric McKeown            ericm@palaver.net
Palaver                 http://www.palaver.net
332 N. Market St.       Phone: (219) 253-8131
Monon, IN 47959         Fax: (219) 253-6800
***********************************************************

Eric McKeown wrote:

> > I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
> >
> > I have a table that has 16 text fields in it. I have a PHP form that allows a
> > user to enter info into that field. When a user enters an ' as in " item's " the
> > query will fail. I have played around with it and can execute the query without
> > error if I escape the ' . Such as " item\'s "
> >
> > Here's the big question:
> >
> > Is there any way other than doing an ereg_replace(); in PHP to get around this
> > problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> > I have no problem. I don't recall having this problem in the earlier version of
> > Postgres.
>
> If you're using a php3.ini file, check out the value of "magic_quotes_gpc"
> in that file. If set to 1, that should escape such quotes automatically
> when using GET or POST to send the contents of your form to a processing
> script. If you're not using a php3.ini file (assuming you're running the
> Apache module version), you can use the php3_magic_quotes_gpc directive in
> *.conf or .htaccess. Run httpd -h for details on all the various php
> directives available...

Or you can always escape the ' by another single quote ->

select .. where value = 'item''s' ..

-Tony

--
----------C-Y-B-E-R-S-O-L-U-T-I-O-N-S----------------
Anton Stöckl             mailto:tony@cys.de
CyberSolutions GmbH      http://www.cys.de
Frankfurter Ring 193A    Phone +49 89 32369223
80807 Muenchen           Fax +49 89 32369220
------W-E----M-A-K-E----I-T----P-O-S-S-I-B-L-E-------

Andy Lewis wrote:

> I am running Postgres 6.3.2 / PHP 3.0 on Linux 2.0.30.
>
> I have a table that has 16 text fields in it. I have a PHP form that allows a
> user to enter info into that field. When a user enters an ' as in " item's " the
> query will fail. I have played around with it and can execute the query without
> error if I escape the ' . Such as " item\'s "
>
> Here's the big question:
>
> Is there any way other than doing an ereg_replace(); in PHP to get around this
> problem? If I do a ereg_replace("'", "\'", $f1) in the PHP file and execute it,
> I have no problem. I don't recall having this problem in the earlier version of
> Postgres.
>

how about String Functions AddSlashes (RTFM)

> As always, thanks in advance!
>

minimum sweat

--
---------------------------------------------
engelbert gruber
METASYS Datentechnik - innsbruck/austria/europe
email : Engelbert.Gruber@metasys.co.at
webpg : http://www.metasys.co.at
---------------------------------------------
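
Why the choice between the backslash escape and the doubled quote discussed in this thread matters, as an added example that is not part of the original messages: a simplified scanner for one single-quoted SQL literal, run with backslash escapes enabled and with them disabled (PostgreSQL's `standard_conforming_strings`, on by default since 9.1). The function names and sample values are constructed for illustration.

```python
# Added illustration; a simplified model of SQL string-literal scanning.

def read_literal(sql, backslash_escapes):
    """Scan the single-quoted literal at the start of sql.

    Returns (decoded value, index just past the closing quote).
    Simplification: in backslash mode a backslash makes the next
    character literal; \\n-style escapes are not modelled.
    """
    if not sql.startswith("'"):
        raise ValueError("literal must start with a quote")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and backslash_escapes and i + 1 < len(sql):
            out.append(sql[i + 1])
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")          # doubled quote decodes to one quote
            i += 2
        elif c == "'":
            return "".join(out), i + 1   # closing quote
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")

def escape_backslash(value):
    # What ereg_replace("'", "\'", $f1) from the thread produces.
    return value.replace("'", "\\'")

def escape_doubling(value):
    # The 'item''s' form from the thread.
    return value.replace("'", "''")

def round_trips(value, escape, backslash_escapes):
    """True if the escaped literal decodes back to exactly value."""
    sql = "'" + escape(value) + "'"
    try:
        decoded, end = read_literal(sql, backslash_escapes)
    except ValueError:
        return False
    return decoded == value and end == len(sql)

if __name__ == "__main__":
    for value in ["item's", "C:\\"]:     # constructed sample values
        for esc in (escape_backslash, escape_doubling):
            for mode in (True, False):
                print(repr(value), esc.__name__, mode, round_trips(value, esc, mode))
```

Neither textual escape survives both modes for both values, which is why passing the value as a query parameter (in later PHP versions, `pg_query_params`) is the robust choice.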