cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
ShowĀ Ā onlyĀ  | Search instead forĀ 
Did you mean:Ā 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • EspaƱol
      • FranƧais
      • PortuguĆŖs
  • ę—„ęœ¬čŖžć‚³ćƒŸćƒ„ćƒ‹ćƒ†ć‚£
    Dedicated community for Japanese speakers
  • ķ•œźµ­ ģ»¤ė®¤ė‹ˆķ‹°
    Dedicated community for Korean speakers
Exit
0
Upvote

PHP and special characters

revdave
Contributor ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

Hi,

I am having trouble with an HTML simple text input form that where the  user may enter special characters such as single quote or double quote etc.

form text example: I'm Feeling good.

When processing the form - php - post to mysql DB shows the error :

Syntax error or access violation: 1064 You have an error in your SQL syntax...

the value it got was like:

'I'm Feeling good',

- which has 3 single quotes - causing the error...

Q: Is there a way to properly escape whatever the special characters are that might be type to fix this issue for php?

Thanks

Dave

Views

1.5K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

David_Powers
LEGEND , Jul 02, 2018 Jul 02, 2018

The best way to handle this would be to use a prepared statement. Prepared statements are supported by MySQLi and PDO.

An alternative approach (not as good) would be to pass the text input to htmlentities() before adding it to the SQL. To convert both single and double quotes, you need to use ENT_QUOTES as the second argument:

$text = htmlentities($text, ENT_QUOTES);

Votes

Translate

Translate
replies 2 Replies 2
latest latest Jump to latest reply
David_Powers
LEGEND ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

The best way to handle this would be to use a prepared statement. Prepared statements are supported by MySQLi and PDO.

An alternative approach (not as good) would be to pass the text input to htmlentities() before adding it to the SQL. To convert both single and double quotes, you need to use ENT_QUOTES as the second argument:

$text = htmlentities($text, ENT_QUOTES);

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
revdave
Contributor ,
Jul 02, 2018 Jul 02, 2018

Copy link to clipboard

Copied

LATEST
In Response To David_Powers

Thank you so much David! I had forgotten about  Prepared statements. I already was using PDO and now that I added Prepared statements along with $stmt->bindParam( .... now all is working well.

THANKS AGAIN,

Dave

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Coding Related Communities
Plugins, Exchange Marketplace, Scripting, APIs & SDKs
UXP Developer Forum
Copyright Ā© 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices