1

I feel daft asking this, but it's driving me potty. How can I make this string:

Children\''s Toy 

Suitable for insert to a MySQL database and escape the characters properly?

Thanks

3 Answers 3

4

mysql_real_escape_string should do it. If you are using the mysqli extension, you can do it the same way (mysqli_real_escape_string).


1 Comment

This led me to the solution. I was using the following: if (get_magic_quotes_gpc()) { $value = stripslashes($value); } $return_value = "'" . str_replace("'", "''", $value) . "'"; but I had to call stripslashes() before I even used this bit of code and that solved my problem... the Notes on the link you supplied helped. Thanks
3

Why, by using prepared statements, of course.

3 Comments

Yes, PDO and prepared statements are the best way to go.
Thanks for sharing this, I'll give it a try in my next project
Sure, enjoy the SQL injections in the meantime :)
1

Like this:

Children\\\'\'s Toy 

But you really should be relying on something built into PHP like mysql_real_escape_string() or better yet, parameterize queries using PDO.

Here's my test of the above:

mysql> select 'Children\\\'\'s Toy' as escapedString;
+------------------+
| escapedString    |
+------------------+
| Children\''s Toy |
+------------------+
1 row in set (0.49 sec)
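The prepared-statement approach recommended in the answers above, as an added example that is not part of the original thread: the question's string is bound as a parameter and comes back byte for byte, with no manual escaping. The `products` table, the helper function names and the in-memory SQLite DSN (used so the script runs offline; it needs the pdo_sqlite extension) are assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite so the example runs without a server.
// For MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also let the server do the binding:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Hypothetical table for the demonstration.
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');

// The value travels separately from the SQL text, so quotes and
// backslashes in it are never parsed as SQL syntax.
function insertProduct(PDO $pdo, string $name): int
{
    $stmt = $pdo->prepare('INSERT INTO products (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function fetchProductName(PDO $pdo, int $id): ?string
{
    $stmt = $pdo->prepare('SELECT name FROM products WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

// Constructed sample values; the first is the string from the question
// (backslash followed by two single quotes).
$samples = [
    "Children\\''s Toy",
    "Children's Toy",
    "50% off; \"new\" -- stock \\ clearance",
];

foreach ($samples as $original) {
    $id = insertProduct($pdo, $original);
    $stored = fetchProductName($pdo, $id);
    // Strict comparison: the stored value must equal the input exactly.
    printf("%-40s %s\n", $original, $stored === $original ? 'round-trips' : 'MISMATCH');
}
```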
