--- Steve Buehler <[EMAIL PROTECTED]> wrote:
> I am using PHP/MySQL and am having a problem. We have some names and
> addresses in the database that have single quotes in them. For
> instance. There is a town around here called "Lee's Summit". Also
> names like "O'connel". When I pull from the database it skips these
> because of the quotes. I know there is something that I have seen
> before about this, but can't find it now. Can anybody help me? I really
> hope this makes since because I am sick today and am having a hard time
> thinking straight. Is it something that I will have to fix when putting
> things into the database? I am hoping on being able to fix this when
> going in and when coming out of the database so that I don't have to go
> back and redo all the ones that are already in the database.
You will probably have to "go back and redo all the ones that are already
in the database," but that's just a guess.
Use addslashes() to escape single quotes for MySQL:
addslashes("O'Reilly") => O\'Reilly
Since you apparently didn't do this when storing the data, it is unlikely
that you can recover it. At least you found out about this now rather than
after one of your users had fun with your database. Not only does such a
lack of input validation break things, it is also a serious security
vulnerability.
Hope that helps.
Chris
=====
My Blog
http://shiflett.org/
HTTP Developer's Handbook
http://httphandbook.org/
RAMP Training Courses
http://www.nyphp.org/ramp
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
